Dell FCX624-E Laptop User Manual


578 PowerConnect B-Series FCX Configuration Guide
53-1002266-01
Clearing the filter count
To clear the filter count for all interfaces on the device, enter a command such as the following.
PowerConnect(config)# clear ACL-on-arp
The above command resets the filter count on all interfaces in a device back to zero.
Syntax: clear ACL-on-arp
Filtering on IP precedence and ToS values
To configure an extended IP ACL that matches based on IP precedence, enter commands such as
the following.
PowerConnect(config)#access-list 103 deny tcp 209.157.21.0/24 209.157.22.0/24 precedence internet
PowerConnect(config)#access-list 103 deny tcp 209.157.21.0/24 eq ftp 209.157.22.0/24 precedence 6
PowerConnect(config)#access-list 103 permit ip any any
The first entry in this ACL denies TCP traffic from the 209.157.21.x network to the 209.157.22.x
network, if the traffic has the IP precedence option “internet” (equivalent to “6”).
The second entry denies all FTP traffic from the 209.157.21.x network to the 209.157.22.x
network, if the traffic has the IP precedence value “6” (equivalent to “internet”).
The third entry permits all packets that are not explicitly denied by the other entries. Without this
entry, the ACL would deny all incoming or outgoing IP traffic on the ports to which you assign the
ACL.
To configure an IP ACL that matches based on ToS, enter commands such as the following.
PowerConnect(config)#access-list 104 deny tcp 209.157.21.0/24 209.157.22.0/24 tos normal
PowerConnect(config)#access-list 104 deny tcp 209.157.21.0/24 eq ftp 209.157.22.0/24 tos 13
PowerConnect(config)#access-list 104 permit ip any any
The first entry in this IP ACL denies TCP traffic from the 209.157.21.x network to the 209.157.22.x
network, if the traffic has the IP ToS option “normal” (equivalent to “0”).
The second entry denies all FTP traffic from the 209.157.21.x network to the 209.157.22.x
network, if the traffic has the IP ToS value “13” (equivalent to “max-throughput”, “min-delay”, and
“min-monetary-cost”).
The third entry permits all packets that are not explicitly denied by the other entries. Without this
entry, the ACL would deny all incoming or outgoing IP traffic on the ports to which you assign the
ACL.
TCP flags - edge port security
The edge port security feature works in combination with IP ACL rules and can be combined with
other ACL functions (such as dscp-marking and traffic policies), giving you greater flexibility when
designing ACLs.
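The first-match behaviour of access-list 103 and 104 from the IP precedence and ToS section, modelled in Python as an added example (not code from the Dell guide or the device). It assumes the device compares the precedence and 4-bit ToS values for equality and that they sit in the IP header's ToS byte as laid out in RFC 1349; `parse`, `evaluate` and `tos_names` are hypothetical helpers, and keyword values other than those quoted in the guide are taken from RFC 791/1349.

```python
import ipaddress

# internet=6, normal=0 and 13 = min-delay+max-throughput+min-monetary-cost are
# from the guide; the other keyword values follow RFC 791/1349 (assumed here).
PRECEDENCE = {"routine": 0, "priority": 1, "immediate": 2, "flash": 3,
              "flash-override": 4, "critical": 5, "internet": 6, "network": 7}
TOS = {"normal": 0, "min-monetary-cost": 1, "max-reliability": 2,
       "max-throughput": 4, "min-delay": 8}
PORTS = {"ftp": 21}

CONFIG = """\
access-list 103 deny tcp 209.157.21.0/24 209.157.22.0/24 precedence internet
access-list 103 deny tcp 209.157.21.0/24 eq ftp 209.157.22.0/24 precedence 6
access-list 103 permit ip any any
access-list 104 deny tcp 209.157.21.0/24 209.157.22.0/24 tos normal
access-list 104 deny tcp 209.157.21.0/24 eq ftp 209.157.22.0/24 tos 13
access-list 104 permit ip any any
"""

def tos_names(value):
    """Decode a numeric ToS value into its option keywords."""
    return sorted(k for k, bit in TOS.items() if value & bit) or ["normal"]

def parse(line):
    """Parse one entry of the shape shown above (source-port 'eq' only)."""
    tok = line.split()
    rule = {"acl": int(tok[1]), "action": tok[2], "proto": tok[3],
            "nets": [], "sport": None, "precedence": None, "tos": None}
    words = iter(tok[4:])
    for w in words:
        if w == "eq":
            rule["sport"] = PORTS[next(words)]
        elif w in ("precedence", "tos"):
            v, table = next(words), PRECEDENCE if w == "precedence" else TOS
            rule[w] = int(v) if v.isdigit() else table[v]
        else:
            rule["nets"].append(ipaddress.ip_network("0.0.0.0/0" if w == "any" else w))
    return rule

def evaluate(rules, acl, pkt):
    """First matching entry decides; nothing matching means the implicit deny.
    Assumption: precedence and ToS are compared for exact equality."""
    prec, tos = pkt["tos_byte"] >> 5, (pkt["tos_byte"] >> 1) & 0xF
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    for r in (r for r in rules if r["acl"] == acl):
        if (r["proto"] in ("ip", pkt["proto"]) and src in r["nets"][0]
                and dst in r["nets"][1] and r["sport"] in (None, pkt["sport"])
                and r["precedence"] in (None, prec) and r["tos"] in (None, tos)):
            return r["action"]
    return "deny"

RULES = [parse(line) for line in CONFIG.splitlines()]
```

Passing `evaluate` a rule list with the final `permit ip any any` removed shows the implicit deny the guide warns about: packets that match neither deny entry are still dropped.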