Administrator Guide

Version     Description
7.6.1.0     Introduced on the S-Series.
7.5.1.0     Introduced on the C-Series.
6.2.1.1     Introduced on the E-Series.
Usage Information
You can assign one ingress ACL and one egress ACL to an interface.
NOTE: This command supports Loopback interfaces on EE3 and EF series route processor modules
(RPMs). It does not support Loopback interfaces on ED series RPMs or S-Series Loopback
interfaces.
NOTE: If you apply an outbound (egress) IP ACL on a switch port, the filter applies only to routed
traffic egressing that port.
To associate an access list with a non-default VRF, use the vrf attribute of this command. You can use
this command at the interface context (physical/LAG) to apply the access-list to a range of VRFs.
The VRF MODE is not available for the default and management VRFs.
In the Dell EMC Networking OS versions prior to 9.13(0.0), the system does not install any of your ACL
rules if the available CAM space is less than what is required for your set of ACL rules. Effective with
the Dell EMC Networking OS version 9.13(0.0), the system installs your ACL rules until all the allocated
CAM memory is used. If there is no implicit permit in your rule, the Dell EMC Networking OS ensures that
an implicit deny is installed at the end of your rule. This behavior is applicable for IPv4 and IPv6 ingress
and egress ACLs.
One usage scenario for the layer3 keyword at the VLAN level is to prevent the ACL from being applied
to L2 traffic that comes in via ICL.
NOTE: The usage scenario listed above is one of many other usage scenarios.
Related Commands
ip access-list standard     Configure a standard ACL.
ip access-list extended     Configure an extended ACL.
ipv6 access-group
Assign an IPv6 access list (IPv6 ACL) to an interface.
Syntax
ipv6 access-group access-list-name {in | out} [implicit-permit] [vlan vlan-id] [layer3]
To delete an IPv6 access-group configuration, use the
no ipv6 access-group access-list-name {in | out} [implicit-permit] [vlan vlan-id] [layer3] command.
Parameters
access-list-name   Enter the name of a configured access list, up to 140 characters.
in                 Enter the keyword in to apply the ACL to incoming traffic.
out                Enter the keyword out to apply the ACL to outgoing traffic.
implicit-permit    (OPTIONAL) Enter the keyword implicit-permit to change the default action
                   of the ACL from implicit-deny to implicit-permit (that is, if the traffic does not
                   match the filters in the ACL, the traffic is permitted instead of dropped).
vlan vlan-id       (OPTIONAL) Enter the keyword vlan then the ID numbers of the VLANs. The
                   range is from 1 to 4094.
layer3             (OPTIONAL) Enter the keyword layer3 to enable layer 3 mode. It ensures that all
                   the ACL rules in the access-group are applied only for L3 router packets.
Defaults Not enabled.
Command Modes INTERFACE
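
An added example, not from the Dell EMC guide: a Python check over candidate configuration text that validates each ipv6 access-group line against the syntax and parameter limits above and reports bindings that use implicit-permit, since those pass any traffic the ACL does not match. The interface stanza layout, the ACL names and the sample configuration are constructed assumptions, as is treating the vlan argument as digits separated by commas or hyphens.

```python
import re

# Grammar taken from the syntax line above:
#   ipv6 access-group NAME {in | out} [implicit-permit] [vlan VLAN-ID] [layer3]
BINDING = re.compile(
    r"^ipv6 access-group (?P<name>\S+) (?P<dir>in|out)"
    r"(?P<permit> implicit-permit)?"
    r"(?: vlan (?P<vlan>[\d,\-]+))?"   # assumption: IDs separated by , or -
    r"(?P<l3> layer3)?$"
)

def audit(config):
    """Return (interface, finding) tuples for the ipv6 access-group lines."""
    findings, iface = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            iface = line[len("interface "):]
            continue
        if not line.startswith("ipv6 access-group"):
            continue  # also skips "no ipv6 access-group ..." removals
        m = BINDING.match(line)
        if m is None:
            findings.append((iface, "does not match documented syntax"))
            continue
        if len(m["name"]) > 140:
            findings.append((iface, "ACL name longer than 140 characters"))
        if m["permit"]:
            findings.append((iface, f"{m['name']} {m['dir']}: unmatched "
                                    "traffic is permitted (implicit-permit)"))
        ids = [int(n) for n in re.findall(r"\d+", m["vlan"] or "")]
        if any(not 1 <= n <= 4094 for n in ids):
            findings.append((iface, "VLAN ID outside 1-4094"))
    return findings

# Constructed sample configuration (names and layout are assumptions).
SAMPLE = """\
interface TenGigabitEthernet 1/1
 ipv6 access-group EDGE-V6-IN in
!
interface TenGigabitEthernet 1/2
 ipv6 access-group MGMT-V6 in implicit-permit
!
interface Port-channel 10
 ipv6 access-group VLT-V6 in vlan 4095 layer3
 ipv6 access-group LAB-V6 out layer3 implicit-permit
"""

if __name__ == "__main__":
    for iface, finding in audit(SAMPLE):
        print(f"{iface}: {finding}")
```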