Users Guide

ManualsBrandsDell ManualsAccess PlatformsOS9

121

122

123

124

125

126

127

128

129

130

no shutdown

DellEMC(conf-if)#

To filter traffic on Telnet sessions, use only standard ACLs in the access-class command.

Counting ACL Hits

You can view the number of packets matching the ACL by using the count option when creating ACL entries.

1. Create an ACL that uses rules with the count option. Refer to Configure a Standard IP ACL Filter.

2. Apply the ACL as an inbound or outbound ACL on an interface.

3. show ip accounting access-list

EXEC Privilege mode

View the number of packets matching the ACL.

Configure Ingress ACLs

Ingress ACLs are applied to interfaces and to traffic entering the system.

These system-wide ACLs eliminate the need to apply ACLs onto each interface and achieves the same results. By localizing

target traffic, it is a simpler implementation.

To create an ingress ACL, use the ip access-group command in EXEC Privilege mode. The example shows applying the

ACL, rules to the newly created access group, and viewing the access list.

Example of Applying ACL Rules to Ingress Traffic and Viewing ACL Configuration

To specify ingress, use the in keyword. Begin applying rules to the ACL with the ip access-list extended abcd

command. To view the access-list, use the show command.

DellEMC(conf)#interface tengigabitethernet 1/1/1

DellEMC(conf-if-te1/1/1)#ip access-group abcd in

DellEMC(conf-if-te1/1/1)#show config

tengogabitethernet 1/1/1

no ip address

ip access-group abcd in

no shutdown

DellEMC(conf-if-te1/1/1)#end

DellEMC#configure terminal

DellEMC(conf)#ip access-list extended abcd

DellEMC(config-ext-nacl)#permit tcp any any

DellEMC(config-ext-nacl)#deny icmp any any

DellEMC(config-ext-nacl)#permit 1.1.1.2

DellEMC(config-ext-nacl)#end

DellEMC#show ip accounting access-list

Extended Ingress IP access list abcd on tengigabitethernet 1/1/1

seq 5 permit tcp any any

seq 10 deny icmp any any

seq 15 permit 1.1.1.2

Configure Egress ACLs

Egress ACLs are applied to line cards and affect the traffic leaving the system. Configuring egress ACLs onto physical interfaces

protects the system infrastructure from attack — malicious and incidental — by explicitly allowing only authorized traffic. These

system-wide ACLs eliminate the need to apply ACLs onto each interface and achieves the same results. By localizing target

traffic, it is a simpler implementation.

To restrict egress traffic, use an egress ACL. For example, when a denial of service (DOS) attack traffic is isolated to a specific

interface, you can apply an egress ACL to block the flow from the exiting the box, thus protecting downstream devices.

Access Control Lists (ACLs)

121