Dell S50V Switch User Manual
942 | Security
www.dell.com | support.dell.com
Trace Lists
The Trace Lists feature is supported only on the E-Series.
You can log packet activity on a port to confirm the source of traffic attacking a system. Once the Trace list
is enabled on the system, you view its traffic log to confirm the source address of the attacking traffic. In
FTOS, Trace lists are similar to extended IP ACLs, except that Trace lists are not applied to an interface.
Instead, Trace lists are enabled for all switched traffic entering the system.
The number of entries allowed per trace list is 1K.
In the E-Series, you can create a trace filter based on any of the following criteria:
Source IP address
Destination IP address
Source TCP port number
Destination TCP port number
Source UDP port number
Destination UDP port number
For trace lists, you can match on specific TCP or UDP ports, on ranges of TCP or UDP ports, or on established TCP sessions.
When creating a trace list, the sequence of the filters is important. You can assign sequence numbers to the filters as you enter them; otherwise FTOS assigns numbers in the order in which the filters were created. For more information on sequence numbering, refer to Chapter 21, IP Access Control Lists, Prefix Lists, and Route-maps, on page 419.
Configuration Tasks for Trace Lists
The following configuration steps include mandatory and optional steps.
Creating a trace list on page 942 (mandatory)
Apply trace lists on page 947 (mandatory)
For a complete listing of all commands related to trace lists, refer to the Security chapter in the FTOS
Command Reference.
Creating a trace list
Trace lists filter and log traffic based on source and destination IP addresses, IP host addresses, TCP addresses, TCP host addresses, UDP addresses, and UDP host addresses. When configuring the Trace list filters, include the count and bytes parameters so that any hits on that filter are logged.
Note: If there are unresolved next-hops and a trace-list is enabled, there is a possibility that the traffic hitting the CPU will not be rate-limited.
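The following constructed configuration session, added here as an example and not taken from the manual, puts the points above together: explicit sequence numbers, matches on source/destination IP addresses, a specific TCP port, a UDP port, a TCP port range with established sessions, and the count and bytes parameters on every entry so that hits are logged. The command names (ip trace-list, seq, ip trace-group, show ip accounting trace-list) are assumed from the FTOS Command Reference rather than shown on this page, and the addresses are documentation-range placeholders; verify both against your FTOS release before use.

```text
! Constructed example: log traffic from one suspect subnet toward the
! SSH port of a management host, all UDP traffic toward a DNS server,
! and established high-port sessions from the same subnet.
! Command syntax below is assumed (see FTOS Command Reference, Security).
FTOS(conf)#ip trace-list SUSPECT-TRAFFIC
FTOS(conf-trace-list)#seq 5 permit tcp 192.0.2.0/24 host 198.51.100.10 eq 22 count bytes
FTOS(conf-trace-list)#seq 10 permit udp any host 198.51.100.53 eq 53 count bytes
FTOS(conf-trace-list)#seq 15 permit tcp 192.0.2.0/24 any range 1024 65535 established count bytes
FTOS(conf-trace-list)#exit
! Enable the list for all switched traffic entering the system
! (trace lists are not applied per interface).
FTOS(conf)#ip trace-group SUSPECT-TRAFFIC
FTOS(conf)#exit
! Read the per-entry packet and byte counters to confirm which
! source is generating the traffic; entries without count/bytes log nothing.
FTOS#show ip accounting trace-list SUSPECT-TRAFFIC
```

Because sequence numbers are evaluated in order, leave gaps between them (5, 10, 15) so that a more specific filter can be inserted later without renumbering the list.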