144 | IP Access Control Lists (ACL), Prefix Lists, and Route-maps
www.dell.com | support.dell.com
When you use the log keyword, CP processor logs details about the packets that match. Depending on how
many packets match the log entry and at what rate, the CP may become busy as it has to log these packets’
details.
TCP packets: To create a filter for TCP packets with a specified sequence number, use these commands in
the following sequence, starting in the CONFIGURATION mode:
When you use the log keyword, CP processor logs details about the packets that match. Depending on how
many packets match the log entry and at what rate, the CP may become busy as it has to log these packets’
details.
UDP packets: To create a filter for UDP packets with a specified sequence number, use these commands
in the following sequence, starting in the CONFIGURATION mode:
2seq sequence-number {deny |
permit} {ip-protocol-number |
icmp | ip | tcp | udp}
{source mask | any | host
ip-address} {destination mask |
any | host ip-address} [operator
port [port]] [count [byte] | log]
[order] [monitor] [fragments]
CONFIG-EXT-NACL Configure a drop or forward filter.
•log and monitor options are supported on
E-Series only.
Step Command Syntax Command Mode Purpose
1ip access-list extended
access-list-name CONFIGURATION Create an extended IP ACL and assign it a
unique name.
2seq sequence-number {deny |
permit} tcp {source mask | any
| host ip-address}} [count
[byte] | log] [order] [monitor]
[fragments]
CONFIG-EXT-NACL Configure an extended IP ACL filter for TCP
packets.
•log and monitor options are supported on
E-Series only.
Step Command Syntax Command Mode Purpose
1ip access-list extended
access-list-name CONFIGURATION Create a extended IP ACL and assign it a unique
name.
2seq sequence-number {deny |
permit} {ip-protocol-number
udp} {source mask | any |
host ip-address} {destination
mask | any | host ip-address}
[operator port [port]] [count
[byte] | log] [order] [monitor]
[fragments]
CONFIG-EXT-NACL Configure an extended IP ACL filter for UDP
packets.
•log and monitor options are supported on
E-Series only.
Step Command Syntax Command Mode Purpose