Connectivity Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4048-ON

881

882

883

884

885

886

887

888

889

890

• Apply the ACL as an inbound or outbound ACL on an interface in CONFIGURATION mode, and view the number of packets matching

the ACL.

show ip access-list {in | out}

Ingress ACL lters

To create an ingress ACL lter, use the ip access-group command in EXEC mode. To congure ingress, use the in keyword. Apply

rules to the ACL with the ip access-list acl-name command. To view the access-list, use the show access-lists command.

1 Apply an ingress access-list on the interface in INTERFACE mode.

ip access-group access-group-name in

2 Return to CONFIGURATION mode.

exit

3 Create the access-list in CONFIGURATION mode.

ip access-list access-list-name

4 Create the rules for the access-list in ACCESS-LIST mode.

permit ip host ip-address host ip-address count

Apply ACL rules to access-group and view access-list

OS10(config)# interface ethernet 1/1/28

OS10(conf-if-eth1/1/28)# ip access-group abcd in

OS10(conf-if-eth1/1/28)# exit

OS10(config)# ip access-list acl1

OS10(conf-ipv4-acl)# permit ip host 10.1.1.1 host 100.1.1.1 count

Egress ACL lters

Egress ACL lters aect the trac leaving the network. Conguring egress ACL lters onto physical interfaces protects the system

infrastructure from a malicious and intentional attack by explicitly allowing only authorized trac. These system-wide ACL lters eliminate

the need to apply ACL lters onto each interface.

You can use an egress ACL lter to restrict egress trac. For example, when you isolate denial of service (DoS) attack trac to a specic

interface, and apply an egress ACL lter to block the DoS ow from exiting the network, you protect downstream devices.

1 Apply an egress access-list on the interface in INTERFACE mode.

ip access-group access-group-name out

2 Return to CONFIGURATION mode.

exit

3 Create the access-list in CONFIGURATION mode.

ip access-list access-list-name

4 Create the rules for the access-list in ACCESS-LIST mode.

seq 10 deny ip any any count fragment

Apply rules to ACL lter

OS10(config)# interface ethernet 1/1/29

OS10(conf-if-eth1/1/29)# ip access-group egress out

OS10(conf-if-eth1/1/29)# exit

OS10(config)# ip access-list egress

OS10(conf-ipv4-acl)# seq 10 deny ip any any count fragment

View IP ACL lter conguration

OS10# show ip access-lists out

Egress IP access-list abcd

Active on interfaces :

Access Control Lists

887