Manualshelf

Setup Guide

ManualsBrandsDell ManualsAccess PlatformsC9010 Modular Chassis Switch
131132133134135136137138139140
3 Apply an IP ACL to trac entering or exiting an interface.
INTERFACE mode
ip access-group access-list-name {in} [implicit-permit] [vlan vlan-range | vrf vrf-range]
[layer3]
NOTE:
The number of entries allowed per ACL is hardware-dependent. For detailed specication about entries allowed per ACL,
refer to your line card documentation.
One of the usage scenarios is to avoid ACL being applied on the L2 trac which comes in via ICL. The layer 3 keyword
can be used at the VLAN level.
4 Apply rules to the new ACL.
INTERFACE mode
ip access-list [standard | extended] name
To view which IP ACL is applied to an interface, use the show config command in INTERFACE mode, or use the show running-
config command in EXEC mode.
Example of Viewing ACLs Applied to an Interface
To lter trac on Telnet sessions, use only standard ACLs in the access-class command.
Applying Ingress ACLs on the Port Extender
Ingress ACLs are applied to port extender interfaces and to trac entering the system.
These system-wide ACLs eliminate the need to apply ACLs onto each interface and achieves the same results. By localizing target trac, it
is a simpler implementation.
To create an ingress ACL, use the ip access-group command in EXEC Privilege mode. The example shows applying the ACL, rules to
the newly created access group, and viewing the access list.
Example of Applying ACL Rules to Ingress Trac and Viewing ACL Conguration
To specify ingress, use the in keyword. Begin applying rules to the ACL with the ip access-list extended abcd command. To
view the access-list, use the show command.
Dell(conf)#interface pegigE 1/0/0
Dell(conf-if-pegi-1/0/0)#ip access-group abcd in
Dell(conf-if-pegi-1/0/0)#show config
!
pegig 1/0/0
no ip address
ip access-group abcd in
no shutdown
Dell(conf-if-pegi-1/0/0)#end
Dell#configure terminal
Dell(conf)#
ip access-list extended abcd
Dell(config-ext-nacl)#permit tcp any any
Dell(config-ext-nacl)#deny icmp any any
Dell(config-ext-nacl)#permit 1.1.1.2
Dell(config-ext-nacl)#end
Dell#show ip accounting access-list
!
Extended Ingress IP access list abcd on pegigE 1/0/0
seq 5 permit tcp any any
seq 10 deny icmp any any
seq 15 permit 1.1.1.2
132
Access Control Lists (ACLs)