Manualshelf

Users Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4820T
111112113114115116117118119120
!
Extended Ingress IP access list abcd on tengigabitethernet 1/1
seq 5 permit tcp any any
seq 10 deny icmp any any
seq 15 permit 1.1.1.2
Congure Egress ACLs
Egress ACLs are applied to line cards and aect the trac leaving the system. Conguring egress ACLs onto physical interfaces
protects the system infrastructure from attack — malicious and incidental — by explicitly allowing only authorized trac. These
system-wide ACLs eliminate the need to apply ACLs onto each interface and achieves the same results. By localizing target trac, it
is a simpler implementation.
To restrict egress trac, use an egress ACL. For example, when a denial of service (DOS) attack trac is isolated to a specic
interface, you can apply an egress ACL to block the ow from the exiting the box, thus protecting downstream devices.
To create an egress ACL, use the ip access-group command in EXEC Privilege mode. The example shows viewing the
conguration, applying rules to the newly created access group, and viewing the access list.
NOTE: VRF based ACL congurations are not supported on the egress trac.
Example of Applying ACL Rules to Egress Trac and Viewing ACL Conguration
To specify ingress, use the out keyword. Begin applying rules to the ACL with the ip access-list extended abcd
command. To view the access-list, use the show command.
Dell(conf)#interface TenGigabitEthernet 1/1
Dell(conf-if-te-1/1)#ip access-group abcd out
Dell(conf-if-te-1/1)#show config
!
TenGigabitEthernet 1/1
no ip address
ip access-group abcd out
no shutdown
Dell(conf-if-te-1/1)#end
Dell#configure terminal
Dell(conf)#
ip access-list extended abcd
Dell(config-ext-nacl)#permit tcp any any
Dell(config-ext-nacl)#deny icmp any any
Dell(config-ext-nacl)#permit 1.1.1.2
Dell(config-ext-nacl)#end
Dell#show ip accounting access-list
!
Extended Ingress IP access list abcd on tengigabitethernet 0/0
seq 5 permit tcp any any
seq 10 deny icmp any any
seq 15 permit 1.1.1.2
Dell#configure terminal
Dell(conf)#interface te 1/2
Dell(conf-if-te-1/2)#ip vrf forwarding blue
Dell(conf-if-te-1/2)#show config
!
interface TenGigabitEthernet 1/2
ip vrf forwarding blue
no ip address
shutdown
Dell(conf-if-te-1/2)#
Dell(conf-if-te-1/2)#
Dell(conf-if-te-1/2)#end
Dell#
120
Access Control Lists (ACLs)