Users Guide
CONFIGURATION mode
interface interface slot/port
2 Configure an IP address for the interface, placing it in Layer-3 mode.
INTERFACE mode
ip address ip-address
3 Apply an IP ACL to traffic entering or exiting an interface.
INTERFACE mode
ip access-group access-list-name {in} [implicit-permit] [vlan vlan-range | vrf vrf-range]
NOTE: The number of entries allowed per ACL is hardware-dependent. For detailed specification about entries allowed
per ACL, refer to your line card documentation.
4 Apply rules to the new ACL.
INTERFACE mode
ip access-list [standard | extended] name
To view which IP ACL is applied to an interface, use the show config command in INTERFACE mode, or use the show
running-config
command in EXEC mode.
Example of Viewing ACLs Applied to an Interface
Dell(conf-if)#show conf
!
interface GigabitEthernet 1/1
ip address 10.2.1.100 255.255.255.0
ip access-group nimule in
no shutdown
Dell(conf-if)#
To filter traffic on Telnet sessions, use only standard ACLs in the access-class command.
Counting ACL Hits
You can view the number of packets matching the ACL by using the count option when creating ACL entries.
1 Create an ACL that uses rules with the count option. Refer to Configure a Standard IP ACL Filter.
2 Apply the ACL as an inbound or outbound ACL on an interface.
3 show ip accounting access-list
EXEC Privilege mode
View the number of packets matching the ACL.
Configure Ingress ACLs
Ingress ACLs are applied to interfaces and to traffic entering the system.
These system-wide ACLs eliminate the need to apply ACLs onto each interface and achieves the same results. By localizing
target traffic, it is a simpler implementation.
To create an ingress ACL, use the ip access-group command in EXEC Privilege mode. The example shows applying the
ACL, rules to the newly created access group, and viewing the access list.
Access Control Lists (ACLs) 116