118 | Access Control Lists (ACLs)
www.dell.com | support.dell.com
Step  Command Syntax                     Command Mode  Purpose
3     ip access-group access-list-name   INTERFACE     Apply an IP ACL to traffic entering or exiting an
      {in | out} [implicit-permit]                     interface.
      [vlan vlan-range]                                • out: configure the ACL to filter outgoing
                                                         traffic. This keyword is supported only on
                                                         E-Series.
                                                       Note: The number of entries allowed per ACL is
                                                       hardware-dependent. Refer to your line card
                                                       documentation for detailed specification on
                                                       entries allowed per ACL.
4     ip access-list [standard |         INTERFACE     Apply rules to the new ACL.
      extended] name

To view which IP ACL is applied to an interface, use the show config command in the INTERFACE mode as shown below or the show running-config command in the EXEC mode.
FTOS(conf-if)#show conf
!
interface GigabitEthernet 0/0
ip address 10.2.1.100 255.255.255.0
ip access-group nimule in
no shutdown
FTOS(conf-if)#
Use only Standard ACLs in the access-class command to filter traffic on Telnet sessions.
Counting ACL Hits
You can view the number of packets matching the ACL by using the count option when creating ACL
entries. E-Series supports packet and byte counts simultaneously. C-Series and S-Series support only one
at any given time.
To view the number of packets matching an ACL that is applied to an interface:
Step  Task
1     Create an ACL that uses rules with the count option. See Configure a standard IP ACL
2     Apply the ACL as an inbound or outbound ACL on an interface. See Assign an IP ACL to an Interface
3     View the number of packets matching the ACL using the show ip accounting access-list from EXEC
      Privilege mode.
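An added example, not part of the Dell documentation: a Python audit over show config or show running-config text like the GigabitEthernet 0/0 output shown earlier on this page. It lists enabled interfaces that have an IP address but no inbound ip access-group, and any outbound ACL (which the page says is supported only on E-Series). The function names and every sample stanza other than GigabitEthernet 0/0 are constructed for illustration.

```python
import re

# Constructed sample: only the GigabitEthernet 0/0 stanza comes from the page.
SAMPLE_CONFIG = """\
interface GigabitEthernet 0/0
 ip address 10.2.1.100 255.255.255.0
 ip access-group nimule in
 no shutdown
!
interface GigabitEthernet 0/1
 ip address 10.2.2.1 255.255.255.0
 no shutdown
!
interface GigabitEthernet 0/2
 ip address 10.2.3.1 255.255.255.0
 ip access-group edge-out out
!
"""

ACL_RE = re.compile(r"^ip access-group (\S+) (in|out)\b")

def parse_interfaces(config_text):
    """Map interface name -> {"ip": bool, "up": bool, "acls": {direction: name}}."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()  # tolerate output that has lost its indentation
        if line == "!":
            current = None
        elif line.startswith("interface "):
            current = interfaces.setdefault(
                line[len("interface "):], {"ip": False, "up": False, "acls": {}})
        elif current is None:
            continue  # prompts and global lines outside an interface stanza
        elif line.startswith("ip address "):
            current["ip"] = True
        elif line == "no shutdown":
            current["up"] = True
        elif (m := ACL_RE.match(line)):
            current["acls"][m.group(2)] = m.group(1)
    return interfaces

def audit(config_text):
    """Flag enabled Layer-3 interfaces without an inbound ACL, and any outbound ACL."""
    findings = []
    for name, info in parse_interfaces(config_text).items():
        if info["ip"] and info["up"] and "in" not in info["acls"]:
            findings.append((name, "no inbound IP ACL"))
        if "out" in info["acls"]:  # page: `out` is supported only on E-Series
            findings.append((name, "outbound ACL " + info["acls"]["out"]))
    return findings
```

Calling audit(SAMPLE_CONFIG) returns one finding for GigabitEthernet 0/1 (no inbound ACL) and one for GigabitEthernet 0/2 (outbound ACL edge-out).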