Manualshelf

Service Manual

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S3048-ON
121122123124125126127128129130
NOTE: VRF based ACL congurations are not supported on the egress trac.
Example of Applying ACL Rules to Egress Trac and Viewing ACL Conguration
To specify ingress, use the out keyword. Begin applying rules to the ACL with the ip access-list extended abcd
command. To view the access-list, use the show command.
Dell(conf)#interface GigabitEthernet 1/1
Dell(conf-if-gi-1/1)#ip access-group abcd out
Dell(conf-if-gi-1/1)#show config
!
GigabitEthernet 1/1
no ip address
ip access-group abcd out
no shutdown
Dell(conf-if-gi-1/1)#end
Dell#configure terminal
Dell(conf)#
ip access-list extended abcd
Dell(config-ext-nacl)#permit tcp any any
Dell(config-ext-nacl)#deny icmp any any
Dell(config-ext-nacl)#permit 1.1.1.2
Dell(config-ext-nacl)#end
Dell#show ip accounting access-list
!
Extended Ingress IP access list abcd on gigabitethernet 0/0
seq 5 permit tcp any any
seq 10 deny icmp any any
seq 15 permit 1.1.1.2
Dell#configure terminal
Dell(conf)#interface gigabitethernet 1/2
Dell(conf-if-gi-1/2)#ip vrf forwarding blue
Dell(conf-if-gi-1/2)#show config
!
interface GigabitEthernet 1/2
ip vrf forwarding blue
no ip address
shutdown
Dell(conf-if-gi-1/2)#
Dell(conf-if-gi-1/2)#
Dell(conf-if-gi-1/2)#end
Dell#
Applying Egress Layer 3 ACLs (Control-Plane)
By default, packets originated from the system are not ltered by egress ACLs.
For example, if you initiate a ping session from the system and apply an egress ACL to block this type of trac on the interface, the
ACL does not aect that ping trac. The Control Plane Egress Layer 3 ACL feature enhances IP reachability debugging by
implementing control-plane ACLs for CPU-generated and CPU-forwarded trac. Using permit rules with the
count option, you can
track on a per-ow basis whether CPU-generated and CPU-forwarded packets were transmitted successfully.
NOTE: The ip control-plane [egress filter] and the ipv6 control-plane [egress filter]
commands are not supported.
1. Apply Egress ACLs to IPv4 system trac.
CONFIGURATION mode
ip control-plane [egress filter]
2. Apply Egress ACLs to IPv6 system trac.
CONFIGURATION mode
ipv6 control-plane [egress filter]
3. Create a Layer 3 ACL using permit rules with the count option to describe the desired CPU trac.
124
Access Control Lists (ACLs)