monitor
(OPTIONAL) Enter the keyword
monitor
when the rule is describing
the traffic that you want to monitor and the ACL in which you are
creating the rule is applied to the monitored interface.
NOTE: For more information, refer to the Flow-based Monitoring
section in the Port Monitoring chapter of the
FTOS Configuration
Guide
.
fragments
Enter the keyword
fragments
to use ACLs to control packet
fragments.
Defaults
Not configured.
Command Modes
CONFIGURATION-EXTENDED-ACCESS-LIST
Command History
Version 8.2.1.0
Allows ACL control of fragmented packets for IP (Layer 3) ACLs.
Version 8.1.1.0
Introduced on the E-Series ExaScale.
Version 7.4.1.0
Added the
monitor
option.
Version 6.5.10
Expanded to include the optional QoS
order
priority for the ACL
entry.
Usage
Information
The
order
option is relevant in the context of the Policy QoS feature only. For more
information, refer to the “Quality of Service” chapter of the
FTOS Configuration Guide
.
When you use the
log
option, the CP processor logs details about the packets that match.
Depending on how many packets match the log entry and at what rate, the CP may become
busy as it has to log these packets’ details.
The
monitor
option is relevant in the context of flow-based monitoring only. For more
information, refer to
Port Monitoring
.
You cannot include IP, TCP, or UDP filters in an ACL configured with ARP filters.
NOTE: When ACL logging and byte counters are configured simultaneously, byte counters
may display an incorrect value. Configure packet counters with logging instead.
permit ether-type
Configure a filter that allows traffic with specified types of Ethernet packets. This command is supported only on 12-port
GE line cards with SFP optics. For specifications, refer to your line card documentation.
E-Series
Syntax
permit ether-type
protocol-type-number
{
destination-mac-address
mac-address-mask
| any} vlan
vlan-id
{
source-mac-address mac-
address-mask
| any} [count [byte] | log] [order] [monitor]
To remove this filter, you have two choices:
•
Use the
no seq
sequence-number
command if you know the filter’s sequence
number.
•
Use the
no permit ether-type
protocol-type-number
{
destination-mac-address mac-address-mask
| any} vlan
266
Summary of Contents for Force10 S4810P
Page 1: ...FTOS Command Line Reference Guide for the S4810 System FTOS 9 1 0 0 ...
Page 48: ...48 ...
Page 62: ...62 ...
Page 92: ...92 ...
Page 102: ...102 ...
Page 202: ...202 ...
Page 216: ...216 ...
Page 334: ...334 ...
Page 564: ...564 ...
Page 570: ...570 ...
Page 594: ...594 ...
Page 632: ...632 ...
Page 642: ...642 ...
Page 662: ...662 ...
Page 670: ...Related Commands clear ip dhcp snooping clears the contents of the DHCP binding table 670 ...
Page 688: ...688 ...
Page 702: ...702 ...
Page 712: ...712 ...
Page 723: ...Related Commands show gvrp displays the GVRP configuration 723 ...
Page 724: ...724 ...
Page 736: ...736 ...
Page 900: ...900 ...
Page 934: ...934 ...
Page 958: ...958 ...
Page 966: ...966 ...
Page 1018: ...1018 ...
Page 1026: ...1026 ...
Page 1086: ...1086 ...
Page 1100: ...1100 ...
Page 1116: ...1116 ...
Page 1164: ...1164 ...
Page 1268: ...1268 ...
Page 1276: ...1276 ...
Page 1286: ...1286 ...
Page 1300: ...1300 ...
Page 1376: ...1376 ...
Page 1390: ...1390 ...
Page 1460: ...1460 ...
Page 1512: ...1512 ...
Page 1518: ...1518 ...
Page 1528: ...1528 ...
Page 1538: ...1538 ...
Page 1552: ...1552 ...
Page 1572: ...1572 ...
Page 1612: ...1612 ...