Reference Guide
146 | IP Access Control Lists (ACL), Prefix Lists, and Route-maps
www.dell.com | support.dell.com
To view which IP ACL is applied to an interface, use the show config command in the INTERFACE mode
or the
show running-config command in the EXEC mode.
FTOS(conf-if)#show conf
!
interface GigabitEthernet 0/0
ip address 10.2.1.100 255.255.255.0
ip access-group nimule in
no shutdown
FTOS(conf-if)#
Use only Standard ACLs in the access-class command to filter traffic on Telnet sessions.
Counting ACL Hits
You can view the number of packets matching the ACL by using the count option when creating ACL
entries. E-Series supports packet and byte counts simultaneously. C-Series and S-Series support only one
at any given time.
To view the number of packets matching an ACL that is applied to an interface:
Configuring Ingress ACLs
Ingress ACLs are applied to interfaces and to traffic entering the system.These system-wide ACLs
eliminate the need to apply ACLs onto each interface and achieves the same results. By localizing target
traffic, it is a simpler implementation.
To create an ingress ACLs, use the
ip access-group command in the EXEC Privilege mode. This example
also shows applying the ACL, applying rules to the newly created access group, and viewing the access
list:
FTOS(conf)#interface gige 0/0
FTOS(conf-if-gige0/0)#ip access-group abcd in
FTOS(conf-if-gige0/0)#show config
!
gigethernet 0/0
no ip address
ip access-group abcd in
no shutdown
FTOS(conf-if-gige0/0)#end
FTOS#configure terminal
FTOS(conf)#ip access-list extended abcd
FTOS(config-ext-nacl)#permit tcp any any
FTOS(config-ext-nacl)#deny icmp any any
FTOS(config-ext-nacl)#permit 1.1.1.2
Step Task
1 Create an ACL that uses rules with the count option. Refer to Configure a standard IP ACL
2 Apply the ACL as an inbound or outbound ACL on an interface. Refer to Assign an IP ACL to an Interface
3 View the number of packets matching the ACL using the show ip accounting access-list from EXEC
Privilege mode.