Reference Guide
 no shutdown
FTOS(conf-if-gige0/0)#end
FTOS#configure terminal
FTOS(conf)#ip access-list extended abcd
FTOS(config-ext-nacl)#permit tcp any any
FTOS(config-ext-nacl)#deny icmp any any
FTOS(config-ext-nacl)#permit 1.1.1.2
FTOS(config-ext-nacl)#end
FTOS#show ip accounting access-list
!
Extended Ingress IP access list abcd on gigethernet 0/0
 seq 5 permit tcp any any
 seq 10 deny icmp any any
 seq 15 permit 1.1.1.2
Configure Egress ACLs
Egress ACLs are supported on the S4820T platform.
Egress ACLs are applied to line cards and affect the traffic leaving the system. Configuring egress ACLs onto physical 
interfaces protects the system infrastructure from attack — malicious and incidental — by explicitly allowing only 
authorized traffic. These system-wide ACLs eliminate the need to apply ACLs onto each interface and achieve the same 
results. Because the target traffic is localized, the implementation is simpler.
To restrict egress traffic, use an egress ACL. For example, when denial of service (DoS) attack traffic is isolated 
to a specific interface, you can apply an egress ACL to block the flow from exiting the box, thus protecting 
downstream devices.
To create an egress ACL, use the ip access-group command in EXEC Privilege mode. The example shows viewing 
the configuration, applying rules to the newly created access group, and viewing the access list.
Example of Applying ACL Rules to Egress Traffic and Viewing ACL Configuration
To specify egress, use the out keyword. Begin applying rules to the ACL with the ip access-list extended 
abcd command. To view the access list, use the show command.
FTOS(conf)#interface gige 0/0
FTOS(conf-if-gige0/0)#ip access-group abcd out
FTOS(conf-if-gige0/0)#show config
!
gigethernet 0/0
 no ip address
 ip access-group abcd out
 no shutdown
FTOS(conf-if-gige0/0)#end
FTOS#configure terminal
FTOS(conf)#ip access-list extended abcd
FTOS(config-ext-nacl)#permit tcp any any
FTOS(config-ext-nacl)#deny icmp any any
FTOS(config-ext-nacl)#permit 1.1.1.2
FTOS(config-ext-nacl)#end
FTOS#show ip accounting access-list
!
Extended Ingress IP access list abcd on gigethernet 0/0
 seq 5 permit tcp any any
 seq 10 deny icmp any any
 seq 15 permit 1.1.1.2
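The following is an added example, not part of the original guide or of FTOS: a small Python audit that reads a saved configuration and reports which interfaces have an egress ACL bound with ip access-group ... out, and which bound ACL names are never defined. The sample configuration is constructed in the style of the example above; the function name audit_egress, the "interface" stanza header and the ACL name wxyz are assumptions made for illustration.

```python
import re

# Constructed sample in the style of the page's example (not captured from a device).
SAMPLE_CONFIG = """\
interface GigabitEthernet 0/0
 no ip address
 ip access-group abcd out
 no shutdown
!
interface GigabitEthernet 0/1
 no ip address
 ip access-group abcd in
 no shutdown
!
interface GigabitEthernet 0/2
 ip access-group wxyz out
 no shutdown
!
ip access-list extended abcd
 seq 5 permit tcp any any
 seq 10 deny icmp any any
"""

def audit_egress(config):
    """Return (bindings, missing_egress, undefined_acls) for a saved config (hypothetical helper)."""
    bindings, defined, current = {}, set(), None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw[len("interface "):].strip()
            bindings[current] = {}
        elif raw.startswith("ip access-list "):
            defined.add(raw.split()[-1])      # ACL name is the last token
            current = None
        elif not raw.startswith(" "):
            current = None                    # any other top-level line ends the stanza
        elif current and (m := re.match(r"ip access-group (\S+) (in|out)\b", raw.strip())):
            bindings[current][m.group(2)] = m.group(1)
    # Interfaces with no "out" binding have no egress filtering at all.
    missing = sorted(i for i, b in bindings.items() if "out" not in b)
    # ACL names that are bound to an interface but never defined in this config.
    undefined = sorted({a for b in bindings.values() for a in b.values()} - defined)
    return bindings, missing, undefined

if __name__ == "__main__":
    bindings, missing, undefined = audit_egress(SAMPLE_CONFIG)
    for intf, acls in bindings.items():
        print(intf, acls)
    print("no egress ACL:", missing)
    print("bound but not defined:", undefined)
```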










