Manualshelf

Service Manual

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S3048-ON
121122123124125126127128129130
To create an ingress ACL, use the ip access-group command in EXEC Privilege mode. The example shows applying the ACL,
rules to the newly created access group, and viewing the access list.
Example of Applying ACL Rules to Ingress Trac and Viewing ACL Conguration
To specify ingress, use the in keyword. Begin applying rules to the ACL with the ip access-list extended abcd command.
To view the access-list, use the show command.
Dell(conf)#interface gigabitethernet 1/1
Dell(conf-if-gi1/1)#ip access-group abcd in
Dell(conf-if-gi1/1)#show config
!
gigabitethernet 1/1
no ip address
ip access-group abcd in
no shutdown
Dell(conf-if-gi1/1)#end
Dell#configure terminal
Dell(conf)#
ip access-list extended abcd
Dell(config-ext-nacl)#permit tcp any any
Dell(config-ext-nacl)#deny icmp any any
Dell(config-ext-nacl)#permit 1.1.1.2
Dell(config-ext-nacl)#end
Dell#show ip accounting access-list
!
Extended Ingress IP access list abcd on gigabitethernet 1/1
seq 5 permit tcp any any
seq 10 deny icmp any any
seq 15 permit 1.1.1.2
Dell(conf)#interface tengigabitethernet 1/1/1
Dell(conf-if-te1/1/1)#ip access-group abcd in
Dell(conf-if-te1/1/1)#show config
!
tengogabitethernet 1/1/1
no ip address
ip access-group abcd in
no shutdown
Dell(conf-if-te1/1/1)#end
Dell#configure terminal
Dell(conf)#
ip access-list extended abcd
Dell(config-ext-nacl)#permit tcp any any
Dell(config-ext-nacl)#deny icmp any any
Dell(config-ext-nacl)#permit 1.1.1.2
Dell(config-ext-nacl)#end
Dell#
show ip accounting access-list
!
Extended Ingress IP access list abcd on tengigabitethernet 1/1/1
seq 5 permit tcp any any
seq 10 deny icmp any any
seq 15 permit 1.1.1.2
Congure Egress ACLs
Egress ACLs are applied to line cards and aect the trac leaving the system. Conguring egress ACLs onto physical interfaces
protects the system infrastructure from attack — malicious and incidental — by explicitly allowing only authorized trac. These
system-wide ACLs eliminate the need to apply ACLs onto each interface and achieves the same results. By localizing target trac, it
is a simpler implementation.
To restrict egress trac, use an egress ACL. For example, when a denial of service (DOS) attack trac is isolated to a specic
interface, you can apply an egress ACL to block the ow from the exiting the box, thus protecting downstream devices.
To create an egress ACL, use the ip access-group command in EXEC Privilege mode. The example shows viewing the
conguration, applying rules to the newly created access group, and viewing the access list.
Access Control Lists (ACLs)
123