Manualshelf

Users Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4048-ON
211212213214215216217218219220
Version Description
7.8.1.0 Increased the name string to accept up to 140 characters. Prior to 7.8.1.0, names were up
to 16 characters long.
7.6.1.0 Introduced on the S-Series.
7.5.1.0 Introduced on the C-Series.
6.2.1.1 Introduced on the E-Series.
Usage Information You can assign one ingress ACL and one egress ACL to an interface.
NOTE: This command supports Loopback interfaces EE3 and EF series route processor modules
(RPMs). This command does not support Loopback interfaces ED series RPMs and S-Series Loopback
interfaces.
NOTE: If you apply outbound(egress) IP acl on a switch port, the lter applies only for routed trac
egressing out of that port.
To associate an access-list to a non-default VRF, use the vrf attribute of this command. You can use this
command at the interface context (physical/LAG) to apply the access-list to a range of VRFs.
The VRF MODE is not available for the default and management VRFs.
In the Dell EMC Networking OS versions prior to 9.13(0.0), the system does not install any of your ACL rules if the
available CAM space is lesser than what is required for your set of ACL rules. Eective with the Dell EMC
Networking OS version 9.13(0.0), the system installs your ACL rules until all the allocated CAM memory is used. If
there is no implicit permit in your rule, the Dell EMC Networking OS ensures that an implicit deny is installed at the
end of your rule. This behavior is applicable for IPv4 and IPv6 ingress and egress ACLs.
One of the usage scenarios for using the layer3 keyword at the VLAN level, is to avoid ACL being applied on the L2
trac which comes in via ICL.
NOTE: The usage scenario listed above is one of many other usage scenarios.
Related Commands
ip access-list standardcongure a standard ACL.
ip access-list extendedcongure an extended ACL.
ip mirror-access-group
Assign an IP mirror access control to an interface.
Syntax
ip mirror-access-group access-list-name {in} [implicit-permit] [vlan vlan-id]
[optimized]
To remove an IP mirror-access-group conguration, use the no ip mirror-access-group access-list-
name {in | out} [implicit-permit] [vlan vlan-id] [optimized] command.
Parameters
access-list-name Enter the name of a congured access list, up to 140 characters.
in Enter the keyword in to apply the ACL to incoming trac.
212 Access Control Lists (ACL)