Dell PowerEdge VRTX User Manual
Page 738
738
ACL Commands
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\CLI Folders\Dell Plasma-ARC
2+3\new_system_mifs_ARC2_latest\ACL.fm
D E L L C O N F ID E N T IA L – P R E L IM I N A RY 4 / 3 /1 4 - FO R P R O O F O N LY
• match-all
list-of-flags
—List of TCP flags that should occur. If a flag should
be set it is prefixed by “+”.If a flag should be unset it is prefixed by “-”.
Available options are +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh,
-rst, -syn and -fin. The flags are concatenated to a one string. For example:
+fin-ack.
• time-range-name—Name of the time range that applies to this permit
statement. (Range: 1–32)
•
disable-port—The Ethernet interface is disabled if the condition is
matched.
•
log-input—Specifies sending an informational syslog message about the
packet that matches the entry. Because forwarding/dropping is done in
hardware and logging is done in software, if a large number of packets
match an ACE containing a log-input keyword, the software might not be
able to match the hardware processing rate, and not all packets will be
logged.
Default Configuration
No IPv6 access list is defined.
Command Mode
Ipv6 Access-list Configuration mode
User Guidelines
The number of TCP/UDP ranges that can be defined in ACLs is limited. If a
range of ports is used for source port in ACE it is not counted again if it is also
used for source port in another ACE. If a range of ports is used for a
destination port in ACE it is not counted again if it is also used for a
destination port in another ACE.
If a range of ports is used for source port it is counted again if it is also used
for destination port.
Example
console(config)# ipv6 access-list server
console(config-ipv6-al)#
deny tcp 3001::2/64 any any 80