Reference Guide

seq 120 deny icmp 20.1.6.0/24 any fragment count (0 packets)
seq 130 permit 150 any any dscp 63 count (0 packets)
Use the count option when creating ACL entries to view the number of packets matching the ACL.
Create an ACL that uses rules with the count option (see Assign sequence number to filter).
Apply the ACL as an inbound or outbound ACL on an interface in CONFIGURATION mode, and view the number of packets matching
the ACL.
show ip access-list {in | out}
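The counters become useful for monitoring once they are compared over time. The following is an added example, not part of the original guide or Dell's tooling: a Python sketch that parses counted rule lines and reports deny rules whose counters grew between two snapshots. It assumes rule lines have the "seq ... count (N packets)" shape shown on this page; the function names and the sample snapshots are constructed for illustration.

```python
import re

# Rule line shape as printed on this page:
#   seq 120 deny icmp 20.1.6.0/24 any fragment count (0 packets)
RULE_RE = re.compile(
    r"^\s*seq\s+(?P<seq>\d+)\s+(?P<action>permit|deny)\s+(?P<body>.+?)"
    r"\s+\((?P<packets>\d+)\s+packets?\)\s*$"
)

def parse_counters(show_output):
    """Return one dict per counted rule; lines without a counter are skipped."""
    rules = []
    for line in show_output.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        # Drop the "count" keyword so only the match criteria remain.
        match = " ".join(t for t in m["body"].split() if t != "count")
        rules.append({"seq": int(m["seq"]), "action": m["action"],
                      "match": match, "packets": int(m["packets"])})
    return rules

def deny_hits(before, after):
    """Return (seq, match, new_packets) for deny rules whose counter grew."""
    base = {r["seq"]: r["packets"] for r in parse_counters(before)}
    hits = []
    for r in parse_counters(after):
        delta = r["packets"] - base.get(r["seq"], 0)
        if delta < 0:  # counter was cleared between snapshots
            delta = r["packets"]
        if r["action"] == "deny" and delta > 0:
            hits.append((r["seq"], r["match"], delta))
    return hits

# Constructed snapshots (not real device output), taken some time apart.
SNAP_1 = """\
seq 110 permit ip host 10.1.1.1 host 100.1.1.1 count (12 packets)
seq 120 deny icmp 20.1.6.0/24 any fragment count (0 packets)
seq 130 permit 150 any any dscp 63 count (0 packets)
"""
SNAP_2 = """\
seq 110 permit ip host 10.1.1.1 host 100.1.1.1 count (40 packets)
seq 120 deny icmp 20.1.6.0/24 any fragment count (37 packets)
seq 130 permit 150 any any dscp 63 count (0 packets)
"""

if __name__ == "__main__":
    for seq, match, delta in deny_hits(SNAP_1, SNAP_2):
        print(f"seq {seq}: deny {match} matched {delta} new packets")
```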
Ingress ACL lters
To create an ingress ACL lter, use the ip access-group command in EXEC mode. To congure ingress, use the in keyword. You can
apply rules to the ACL with the ip access-list acl-name command. To view the access-list, use the show access-lists
command.
1 Apply an access-list on the interface with ingress direction in INTERFACE mode.
ip access-group access-group-name in
2 Return to CONFIGURATION mode.
exit
3 Create the access-list in CONFIGURATION mode.
ip access-list access-list-name
4 Create the rules for the access-list in ACCESS-LIST mode.
permit ip host ip-address host ip-address count
5 Save the conguration.
do commit
Apply ACL rules to access-group and view access-list
OS10(config)# interface ethernet 1/1/28
OS10(conf-if-eth1/1/28)# ip access-group acl1 in
OS10(conf-if-eth1/1/28)# exit
OS10(config)# ip access-list acl1
OS10(conf-ipv4-acl)# permit ip host 10.1.1.1 host 100.1.1.1 count
OS10(conf-ipv4-acl)# do commit
Egress ACL lters
Egress ACL lters aect the trac leaving the network. Conguring egress ACL lters onto physical interfaces protects the system
infrastructure from a malicious and intentional attack by explicitly allowing only authorized trac. These system-wide ACL lters eliminate
the need to apply ACL lters onto each interface and achieves the same results.
You can use an egress ACL lter to restrict egress trac. For example, when a denial of service (DOS) attack trac is isolated to a specic
interface, you can apply an egress ACL lter to block the ow from exiting the network and protecting downstream devices.
1 Apply an access-list on the interface with egress direction in INTERFACE mode.
ip access-group access-group-name out
2 Return to CONFIGURATION mode.
exit
3 Create the access-list in CONFIGURATION mode.
ip access-list access-list-name
4 Create the rules for the access-list in ACCESS-LIST mode.
seq 10 deny ip any any count fragment
5 Save the conguration.
do commit
Access Control Lists