Command History
Version 8.2.1.0
Allows ACL control of fragmented packets for IP (Layer 3) ACLs.
Version 8.1.1.0
Introduced on the E-Series ExaScale.
Version 7.4.1.0
Added the
monitor
option.
Version 6.5.10
Expanded to include the optional QoS
order
priority for the ACL
entry.
Usage
Information
The
monitor
option is relevant in the context of flow-based monitoring only. For more
information, refer to
Port Monitoring
.
The
order
option is relevant in the context of the Policy QoS feature only. The following
applies:
•
The
seq
sequence-number
command is applicable only in an ACL group.
•
The
order
option works across ACL groups that have been applied on an interface
via the QoS policy framework.
•
The
order
option takes precedence over
seq
sequence-number
.
•
If
sequence-number
is not configured, the rules with the same order value are
ordered according to their configuration order.
•
If
sequence-number
is configured, the sequence-number is used as a tie breaker
for rules with the same order.
When you use the
log
option, the CP processor logs details about the packets that match.
Depending on how many packets match the log entry and at what rate, the CP may become
busy as it has to log these packets’ details.
You cannot include IP, TCP, or UDP (Layer 3) filters in an ACL configured with ARP or Ether-
type (Layer 2) filters. Apply Layer 2 ACLs to interfaces in Layer 2 mode.
NOTE: When ACL logging and byte counters are configured simultaneously, byte counters
may display an incorrect value. Configure packet counters with logging instead.
seq ether-type
Configure an egress filter with a specific sequence number that filters traffic with specified types of Ethernet packets.
This command is supported only on 12-port GE line cards with SFP optics. For specifications, refer to your line card
documentation.
E-Series
Syntax
seq
sequence-number
{deny | permit} ether-type
protocol-type-
number
{
destination-mac-address mac-address-mask
| any} vlan
vlan-id
{
source-mac-address mac-address-mask
| any} [count
[byte] | log] [order] [monitor]
To remove this filter, use the no seq
sequence-number
command.
Parameters
sequence-
number
Enter a number from 0 to 4294967290.
deny
Enter the keyword
deny
to drop all traffic meeting the filter criteria..
257
Summary of Contents for Force10 Z9000
Page 1: ...FTOS Command Line Reference Guide for the Z9000 System FTOS 9 1 0 0 ...
Page 96: ...96 ...
Page 194: ...194 ...
Page 312: ...312 ...
Page 540: ...540 ...
Page 546: ...546 ...
Page 560: ...560 ...
Page 566: ...566 ...
Page 590: ...action act UpdateCounter param0 1 0x01 param1 0 0x00 output truncated 590 ...
Page 624: ...624 ...
Page 638: ...638 ...
Page 648: ...648 ...
Page 659: ...Related Commands show gvrp displays the GVRP configuration 659 ...
Page 660: ...660 ...
Page 834: ...834 ...
Page 854: ...854 ...
Page 906: ...906 ...
Page 914: ...914 ...
Page 976: ...976 ...
Page 990: ...990 ...
Page 1006: ...1006 ...
Page 1008: ...1008 ...
Page 1026: ...1026 ...
Page 1145: ...10 211 1 2 Outgoing interface list GigabitEthernet 8 0 1145 ...
Page 1146: ...1146 ...
Page 1156: ...1156 ...
Page 1166: ...1166 ...
Page 1180: ...1180 ...
Page 1258: ...1258 ...
Page 1272: ...1272 ...
Page 1394: ...1394 ...
Page 1400: ...1400 ...
Page 1410: ...1410 ...
Page 1424: ...1424 ...
Page 1444: ...1444 ...
Page 1468: ...Version 8 3 8 0 Introduced on the S4810 1468 ...
Page 1470: ...1470 ...