Reference Guide
• Egress L2 ACL
L2 and L3 targeted traffic (the L3 ACL result decides)

L2 ACL    L3 ACL    Targeted traffic
Deny      Deny      L3 ACL denies
Deny      Permit    L3 ACL permits
Permit    Deny      L3 ACL denies
Permit    Permit    L3 ACL permits
Assign and apply ACL filters
You can assign an IP ACL filter to an Ethernet interface, a port-channel interface, or a VLAN. The IP ACL applies to all traffic
entering a physical or port-channel interface, and the traffic is either forwarded or dropped depending on the criteria and actions
you configure in the ACL filter. Rules are evaluated in sequence-number order and the first matching rule decides; traffic that matches
no rule is dropped by the implicit deny at the end of the list, so a list that only contains deny rules blocks everything.
The same ACL filter behaves differently depending on the direction in which you apply it: apply ACL "ABCD" with the in keyword and
it becomes an ingress ACL; apply the same ACL filter with the out keyword and it becomes an egress ACL.
You can apply an IP ACL filter to a physical or port-channel interface. The number of ACL filters allowed is hardware-dependent.
1 Enter the interface information in CONFIGURATION mode.
interface ethernet node/slot/port
2 Configure an IP address for the interface, placing it in L3 mode, in INTERFACE mode.
ip address ip-address
3 Apply an IP ACL filter to traffic entering (in) or exiting (out) the interface in INTERFACE mode.
ip access-group access-list-name {in | out}
4 Enter the ACL so you can add rules to it; use the same name you applied in step 3.
ip access-list name
5 Save the configuration.
do commit
Configure IP ACL
OS10(config)# interface ethernet 1/1/28
OS10(conf-if-eth1/1/28)# ip address 10.1.2.0/24
OS10(conf-if-eth1/1/28)# ip access-group acl1 in
OS10(conf-if-eth1/1/28)# ip access-list acl1
OS10(conf-if-eth1/1/28)# do commit
View ACL Filters applied to interface
OS10# show ip access-lists in
Ingress IP access-list acl1
Active on interfaces :
ethernet1/1/28
seq 10 permit ip host 10.1.1.1 host 100.1.1.1 count (0 packets)
seq 20 deny ip host 20.1.1.1 host 200.1.1.1 count (0 packets)
seq 30 permit ip 10.1.2.0/24 100.1.2.0/24 count (0 packets)
seq 40 deny ip 20.1.2.0/24 200.1.2.0/24 count (0 packets)
seq 50 permit ip 10.0.3.0 255.0.255.0 any count (0 packets)
seq 60 deny ip 20.0.3.0 255.0.255.0 any count (0 packets)
seq 70 permit tcp any eq 1000 100.1.4.0/24 eq 1001 count (0 packets)
seq 80 deny tcp any eq 2100 200.1.4.0/24 eq 2200 count (0 packets)
seq 90 permit udp 10.1.5.0/28 eq 10000 any eq 10100 count (0 packets)
seq 100 deny tcp host 20.1.5.1 any rst psh count (0 packets)
seq 110 permit tcp any any fin syn rst psh ack urg count (0 packets)
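To see how the rules above are matched, here is an added example (not code from the OS10 reference guide) that parses rule lines in the format of the show output and reports which rule a constructed packet hits, using first-match order and the implicit deny that ends the list. Two details are assumptions, not stated on the page: in an `A.B.C.D M.M.M.M` pair the second address is treated as a subnet mask (set bits must match), and every flag word on a tcp rule must be set in the packet for the rule to match. The `packet()` helper and the sample packets are constructed for the demo.

```python
"""First-match evaluation of an OS10-style IPv4 ACL (added example, not page code)."""
import ipaddress
import re

FLAG_WORDS = {"fin", "syn", "rst", "psh", "ack", "urg"}
RULE_RE = re.compile(r"seq (\d+) (permit|deny) (ip|tcp|udp) (.*?)(?: count \(.*\))?$")

# Rule lines copied from the show output above (constructed input for the demo).
ACL_TEXT = """
seq 10 permit ip host 10.1.1.1 host 100.1.1.1 count (0 packets)
seq 20 deny ip host 20.1.1.1 host 200.1.1.1 count (0 packets)
seq 30 permit ip 10.1.2.0/24 100.1.2.0/24 count (0 packets)
seq 40 deny ip 20.1.2.0/24 200.1.2.0/24 count (0 packets)
seq 50 permit ip 10.0.3.0 255.0.255.0 any count (0 packets)
seq 60 deny ip 20.0.3.0 255.0.255.0 any count (0 packets)
seq 70 permit tcp any eq 1000 100.1.4.0/24 eq 1001 count (0 packets)
seq 80 deny tcp any eq 2100 200.1.4.0/24 eq 2200 count (0 packets)
seq 90 permit udp 10.1.5.0/28 eq 10000 any eq 10100 count (0 packets)
seq 100 deny tcp host 20.1.5.1 any rst psh count (0 packets)
seq 110 permit tcp any any fin syn rst psh ack urg count (0 packets)
"""


def ip_int(text):
    return int(ipaddress.IPv4Address(text))


def parse_addr(tokens):
    """Consume one source/destination spec; return (match_fn, remaining tokens)."""
    t = tokens[0]
    if t == "any":
        return (lambda ip: True), tokens[1:]
    if t == "host":
        h = ip_int(tokens[1])
        return (lambda ip, h=h: ip == h), tokens[2:]
    if "/" in t:
        net = ipaddress.IPv4Network(t, strict=False)
        return (lambda ip, n=net: ipaddress.IPv4Address(ip) in n), tokens[1:]
    # 'A.B.C.D M.M.M.M': assumption, M is a subnet mask (set bits must match).
    base, mask = ip_int(t), ip_int(tokens[1])
    return (lambda ip, b=base, m=mask: ip & m == b & m), tokens[2:]


def parse_port(tokens):
    """Consume an optional 'eq N' qualifier; return (match_fn, remaining tokens)."""
    if tokens and tokens[0] == "eq":
        p = int(tokens[1])
        return (lambda port, p=p: port == p), tokens[2:]
    return (lambda port: True), tokens


def parse_rule(line):
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    seq, action, proto, rest = m.groups()
    tokens = rest.split()
    src, tokens = parse_addr(tokens)
    sport, tokens = parse_port(tokens)
    dst, tokens = parse_addr(tokens)
    dport, tokens = parse_port(tokens)
    flags = {t for t in tokens if t in FLAG_WORDS}  # assumption: all must be set
    return {"seq": int(seq), "action": action, "proto": proto, "src": src,
            "sport": sport, "dst": dst, "dport": dport, "flags": flags}


def parse_acl(text):
    rules = [r for r in (parse_rule(l) for l in text.splitlines()) if r]
    return sorted(rules, key=lambda r: r["seq"])  # evaluation order is by seq


def packet(src, dst, proto="ip", sport=None, dport=None, flags=()):
    """Constructed packet summary: addresses as ints, ports may be None."""
    return {"src": ip_int(src), "dst": ip_int(dst), "proto": proto,
            "sport": sport, "dport": dport, "flags": set(flags)}


def evaluate(rules, pkt):
    """Return (action, seq) of the first matching rule; ('deny', None) is the implicit deny."""
    for r in rules:
        if r["proto"] != "ip" and r["proto"] != pkt["proto"]:
            continue  # 'ip' rules match every protocol; tcp/udp rules only their own
        if not (r["src"](pkt["src"]) and r["dst"](pkt["dst"])):
            continue
        if not (r["sport"](pkt["sport"]) and r["dport"](pkt["dport"])):
            continue
        if not r["flags"] <= pkt["flags"]:
            continue
        return r["action"], r["seq"]
    return "deny", None


RULES = parse_acl(ACL_TEXT)

if __name__ == "__main__":
    for p in (packet("10.77.3.9", "1.2.3.4"),
              packet("20.1.5.1", "5.5.5.5", "tcp", 40000, 80, {"rst", "psh"}),
              packet("20.1.5.1", "5.5.5.5", "tcp", 40000, 80, {"syn"})):
        print(p["proto"], sorted(p["flags"]), "->", evaluate(RULES, p))
```

Note how the last two sample packets differ only in TCP flags: the RST+PSH packet hits seq 100, while the SYN-only packet falls through seq 100 and seq 110 and is dropped by the implicit deny, not by any rule that shows a counter increment.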
Access Control Lists