Example of Logging Denied Packets
To log all the packets denied and to override the implicit deny rule and the implicit permit rule for TCP/
UDP fragments, use a configuration similar to the following.
Dell(conf)#ip access-list extended ABC
Dell(conf-ext-nacl)#permit tcp any any fragment
Dell(conf-ext-nacl)#permit udp any any fragment
Dell(conf-ext-nacl)#
deny ip any any log
Dell(conf-ext-nacl)
When configuring ACLs with the fragments keyword, be aware of the following.
When an ACL filters packets, it looks at the fragment offset (FO) to determine whether it is a fragment.
• FO = 0 means it is either the first fragment or the packet is a non-fragment.
• FO > 0 means it is dealing with the fragments of the original packet.
Configure a Standard IP ACL
To configure an ACL, use commands in IP ACCESS LIST mode and INTERFACE mode.
For a complete list of all the commands related to IP ACLs, refer to the Dell Networking OS Command
Line Interface Reference Guide. To set up extended ACLs, refer to Configure an Extended IP ACL.
A standard IP ACL uses the source IP address as its match criterion.
1. Enter IP ACCESS LIST mode by naming a standard IP access list.
CONFIGURATION mode
ip access-list standard access-listname
2. Configure a drop or forward filter.
CONFIG-STD-NACL mode
seq sequence-number {deny | permit} {source [mask] | any | host ip-address}
[count [byte] [dscp] [order] [fragments]
NOTE: When assigning sequence numbers to filters, keep in mind that you might need to insert a
new filter. To prevent reconfiguring multiple filters, assign sequence numbers in multiples of five.
To view the rules of a particular ACL configured on a particular interface, use the show ip accounting
access-list
ACL-name interface interface command in EXEC Privilege mode.
Example of Viewing the Rules of a Specific ACL on an Interface
The following is an example of viewing the rules of a specific ACL on an interface.
Dell#show ip accounting access-list ToOspf interface gig 1/6
Standard IP access list ToOspf
seq 5 deny any
seq 10 deny 10.2.0.0 /16
seq 15 deny 10.3.0.0 /16
seq 20 deny 10.4.0.0 /16
seq 25 deny 10.5.0.0 /16
seq 30 deny 10.6.0.0 /16
seq 35 deny 10.7.0.0 /16
seq 40 deny 10.8.0.0 /16
seq 45 deny 10.9.0.0 /16
136
Access Control Lists (ACLs)
To Next Page
Loading...
Need help?
General