Reference Guide
114 | Access Control Lists (ACLs)
www.dell.com | support.dell.com
You can view the number of packets matching the ACL by using the count option when creating ACL
entries. E-Series supports packet and byte counts simultaneously. C-Series and S-Series support only one
at any given time.
To view the number of packets matching an ACL that is applied to an interface:
Configuring Ingress ACLs
Ingress ACLs are applied to interfaces and to traffic entering the system.These system-wide ACLs
eliminate the need to apply ACLs onto each interface and achieves the same results. By localizing target
traffic, it is a simpler implementation.
To create an ingress ACLs, use the
ip access-group command in the EXEC Privilege mode as shown
below. This example also shows applying the ACL, applying rules to the newly created access group, and
viewing the access list:
FTOS(conf)#interface gige 0/0
FTOS(conf-if-gige0/0)#ip access-group abcd in
FTOS(conf-if-gige0/0)#show config
!
gigethernet 0/0
no ip address
ip access-group abcd in
no shutdown
FTOS(conf-if-gige0/0)#end
FTOS#configure terminal
FTOS(conf)#ip access-list extended abcd
FTOS(config-ext-nacl)#permit tcp any any
FTOS(config-ext-nacl)#deny icmp any any
FTOS(config-ext-nacl)#permit 1.1.1.2
FTOS(config-ext-nacl)#end
FTOS#show ip accounting access-list
!
Extended Ingress IP access list abcd on gigethernet 0/0
seq 5 permit tcp any any
seq 10 deny icmp any any
seq 15 permit 1.1.1.2
Configuring Egress ACLs
Egress ACLs are supported on platforms e and
Step Task
1 Create an ACL that uses rules with the count option. See Configure a standard IP ACL
2 Apply the ACL as an inbound or outbound ACL on an interface. See Assign an IP ACL to an Interface
3 View the number of packets matching the ACL using the show ip accounting access-list from EXEC
Privilege mode.