104 | Access Control Lists (ACLs)
www.dell.com | support.dell.com
To view which IP ACL is applied to an interface, use the show config command (Figure 232) in the
INTERFACE mode or the
show running-config command in the EXEC mode.
Figure 6-9. Command example: show config in the INTERFACE Mode
Use only Standard ACLs in the access-class command to filter traffic on Telnet sessions.
Counting ACL Hits
You can view the number of packets matching the ACL by using the count option when creating ACL
entries. E-Series supports packet and byte counts simultaneously. C-Series and S-Series support only one
at any given time.
To view the number of packets matching an ACL that is applied to an interface:
Configuring Ingress ACLs
Ingress ACLs are applied to interfaces and to traffic entering the system.These system-wide ACLs
eliminate the need to apply ACLs onto each interface and achieves the same results. By localizing target
traffic, it is a simpler implementation.
To create an ingress ACLs, use the
ip access-group command (Figure 6-10) in the EXEC Privilege mode.
This example also shows applying the ACL, applying rules to the newly created access group, and viewing
the access list:
Step Task
1 Create an ACL that uses rules with the count option. See Configure a standard IP ACL
2 Apply the ACL as an inbound or outbound ACL on an interface. See Assign an IP ACL to an Interface
3 View the number of packets matching the ACL using the show ip accounting access-list from EXEC
Privilege mode.
FTOS(conf-if)#show conf
!
interface GigabitEthernet 0/0
ip address 10.2.1.100 255.255.255.0
ip access-group nimule in
no shutdown
FTOS(conf-if)#
To Next Page
Loading...
