Manualshelf

Reference Guide

ManualsBrandsDell ManualsserversDell Force10 S55T
101102103104105106107108109110
Access Control Lists (ACL), Prefix Lists, and Route-maps | 109
For information on MAC ACLs, refer to Chapter 20, “Layer 2,” on page 383.
Assign an IP ACL to an Interface
Ingress IP ACLs are supported on platforms: c and s
Ingress and Egress IP ACL are supported on platform:
e
To pass traffic through a configured IP ACL, you must assign that ACL to a physical interface, a port
channel interface, or a VLAN. The IP ACL is applied to all traffic entering a physical or port channel
interface and the traffic is either forwarded or dropped depending on the criteria and actions specified in
the ACL.
The same ACL may be applied to different interfaces and that changes its functionality. For example, you
can take ACL "ABCD", and apply it using the
in keyword and it becomes an ingress access list. If you
apply the same ACL using the
out keyword, it becomes an egress access list. If you apply the same ACL to
the loopback interface, it becomes a loopback access list.
This chapter covers the following topics:
Configuring Ingress ACLs
For more information on Layer-3 interfaces, refer to Chapter 15, Interfaces.
To apply an IP ACL (standard or extended) to a physical or port channel interface, use these commands in
the following sequence in the INTERFACE mode:
To view which IP ACL is applied to an interface, use the
show config command (Figure 232) in the
INTERFACE mode or the
show running-config command in the EXEC mode.
Step Command Syntax Command Mode Purpose
1
interface interface slot/port
CONFIGURATION Enter the interface number.
2
ip address ip-address
INTERFACE Configure an IP address for the interface, placing
it in Layer-3 mode.
3
ip access-group access-list-name
{
in} [implicit-permit] [vlan
vlan-range]
INTERFACE Apply an IP ACL to traffic entering or exiting an
interface.
Note: The number of entries allowed per
ACL is hardware-dependent. Refer to
your line card documentation for detailed
specification on entries allowed per ACL.
4
ip access-list [standard |
extended]
name
INTERFACE Apply rules to the new ACL.