Example
An ACL rule with a TCP port range of 4000–8000 uses eight entries in the CAM.
Rule# Data Mask From To #Covered
1 0000111110100000 1111111111100000 4000 4031 32
2 0000111111000000 1111111111000000 4032 4095 64
3 0001000000000000 1111100000000000 4096 6143 2048
4 0001100000000000 1111110000000000 6144 7167 1024
5 0001110000000000 1111111000000000 7168 7679 512
6 0001111000000000 1111111100000000 7680 7935 256
7 0001111100000000 1111111111000000 7936 7999 64
8 0001111101000000 1111111111111111 8000 8000 1
Total Ports: 4001
Example
An ACL rule with a TCP port lt 1023 uses only one entry in the CAM.
Rule# Data Mask From To #Covered
1 0000000000000000 1111110000000000 0 1023 1024
Total Ports: 1024
Related Commands
•
— assign a filter to deny IP traffic.
•
— assign a filter to deny UDP traffic.
deny udp
To drop user datagram protocol (UDP) packets meeting the filter criteria, configure a filter.
Syntax
deny udp {
source mask
| any | host
ip-address
} [
operator port
[
port
]]
{
destination mask
| any | host
ip-address
} [dscp] [operator port [
port
]] [count
[byte] [order] [fragments] [monitor [
session-ID
]] [no-drop]
To remove this filter, you have two choices:
•
Use the
no seq
sequence-number
command if you know the filter’s sequence number.
•
Use the
no deny udp {
source mask
| any | host
ip-address
} {
destination mask
|
any | host
ip-address
}
command.
Parameters
source
Enter the IP address of the network or host from which the packets were sent.
mask
Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in
A.B.C.D format, may be either contiguous or non-contiguous.
any
Enter the keyword
any
to specify that all routes are subject to the filter.
host
ip-address
Enter the keyword
host
then the IP address to specify a host IP address.
dscp
Enter this keyword
dscp
to deny a packet based on the DSCP value. The range is from 0
to 63.
operator
(OPTIONAL) Enter one of the following logical operand:
•
eq
= equal to
•
neq
= not equal to
•
gt
= greater than
206
Access Control Lists (ACL)
Содержание S6100
Страница 1: ...Dell Command Line Reference Guide for the S6100 ON System 9 11 2 0P1 ...
Страница 474: ...protocol list ttl0 ttl1 Dell 474 Control Plane Policing CoPP ...
Страница 979: ... show lldp neighbors display the LLDP neighbors Link Layer Discovery Protocol LLDP 979 ...
Страница 1627: ... uplink state group creates an uplink state group and enables the tracking of upstream links Uplink Failure Detection UFD 1627 ...