Manualshelf

Concept Guide

ManualsBrandsDell ManualsAccess PlatformsFN IO Module
121122123124125126127128129130
To lter trac on Telnet sessions, use only standard ACLs in the access-class command.
Counting ACL Hits
You can view the number of packets matching the ACL by using the count option when creating ACL entries.
You can congure either count (packets) or count (bytes). However, for an ACL with multiple rules, you can congure some ACLs with
count (packets) and others as count (bytes) at any given time.
1 Create an ACL that uses rules with the count option. Refer to Conguring a Standard IP ACL Filter.
2 Apply the ACL as an inbound or outbound ACL on an interface. Refer to Assign an IP ACL to an Interface.
3 View the number of packets matching the ACL.
EXEC Privilege mode
show ip accounting access-list
Congure Ingress ACLs
Ingress ACLs are applied to interfaces and to trac entering the system.
These system-wide ACLs eliminate the need to apply ACLs onto each interface and achieves the same results. By localizing target trac, it
is a simpler implementation.
To create an ingress ACL, use the ip access-group command in EXEC Privilege mode. The example shows applying the ACL, rules to
the newly created access group, and viewing the access list.
Example of Applying ACL Rules to Ingress Trac and Viewing ACL Conguration
To specify ingress, use the in keyword. Begin applying rules to the ACL with the ip access-list extended abcd command. To
view the access-list, use the show command.
Dell(conf)#interface tengig 0/0
Dell(conf-if-tengig0/0)#ip access-group abcd in
Dell(conf-if-tengig0/0)#show config
!
tengigethernet 0/0
no ip address
ip access-group abcd in
no shutdown
Dell(conf-if-tengig0/0)#end
Dell#configure terminal
Dell(conf)#ip access-list extended
abcd
Dell(conf-ext-nacl)#permit tcp any any
Dell(conf-ext-nacl)#deny icmp any any
Dell(conf-ext-nacl)#permit 1.1.1.2
Dell(conf-ext-nacl)#end
Dell#
show ip accounting access-list
!
Extended Ingress IP access list abcd on tengigethernet 0/0
seq 5 permit tcp any any
seq 10 deny icmp any any
seq 15 permit 1.1.1.2
Congure Egress ACLs
Conguring egress ACLs onto physical interfaces protects the system infrastructure from attack — malicious and incidental — by explicitly
allowing only authorized trac.
These system-wide ACLs eliminate the need to apply ACLs onto each interface and achieves the same results. By localizing target trac, it
is a simpler implementation.
Access Control Lists (ACLs)
121