82 | Access Control Lists (ACLs)
www.dell.com | support.dell.com
You can apply the same ACL to different interfaces and that changes its functionality. For example, you
can take ACL “ABCD”, and apply it using the
in keyword and it becomes an ingress access list. If you
apply the same ACL using the
out keyword, it becomes an egress access list.
For more information about Layer-3 interfaces, refer to Interfaces.
To apply an IP ACL (standard or extended) to a physical or port channel interface, follow these steps, in
INTERFACE mode:
To view which IP ACL is applied to an interface, use the
show config command (Figure 5-12) in
INTERFACE mode or the
show running-config command in EXEC mode.
Figure 5-12. Command example: show config command in the INTERFACE Mode
Use only standard ACLs in the access-class command to filter traffic on Telnet sessions.
Counting ACL Hits
You can view the number of packets matching the ACL by using the count option when creating ACL
entries. In the MXL Switch, either count (packets) or count (bytes) can be configured. However, for an
ACL with multiple rules, you can configure some ACLs with count (packets) and others as count (bytes) at
any given time.
Step Command Syntax Command Mode Purpose
1
interface interface slot/port
CONFIGURATION Enter the interface number.
2
ip address ip-address
INTERFACE Configure an IP address for the interface, placing
it in Layer-3 mode.
3
ip access-group access-list-name {in
| out} [implicit-permit] [vlan
vlan-range]
INTERFACE Apply an IP ACL to traffic entering or exiting an
interface.
out: configure the ACL to filter outgoing traffic.
• Note: The number of entries allowed per
ACL is hardware-dependent.
4
ip access-list [standard | extended]
name
INTERFACE Apply rules to the new ACL.
FTOS(conf-if)#show conf
!
interface TenGigabitEthernet 0/0
ip address 10.2.1.100 255.255.255.0
ip access-group nimule in
no shutdown
FTOS(conf-if)#
To Next Page
Loading...
