Reference Guide
Access Control Lists (ACLs) | 117
To apply an ACL (standard or extended) for loopback, use the commands listed in the step table for this procedure, in the sequence given.
To apply ACLs on loopback, use the ip access-group command in INTERFACE mode, as shown in the example below. This example also shows the interface configuration status, adding rules to the access group, and displaying the list of rules in the ACL:
FTOS(conf)#interface loopback 0
FTOS(conf-if-lo-0)#ip access-group abcd in
FTOS(conf-if-lo-0)#show config
!
interface Loopback 0
no ip address
ip access-group abcd in
no shutdown
FTOS(conf-if-lo-0)#end
FTOS#configure terminal
FTOS(conf)#ip access-list extended abcd
FTOS(config-ext-nacl)#permit tcp any any
FTOS(config-ext-nacl)#deny icmp any any
FTOS(config-ext-nacl)#permit 1.1.1.2
FTOS(config-ext-nacl)#end
FTOS#show ip accounting access-list
!
Extended Ingress IP access list abcd on Loopback 0
seq 5 permit tcp any any
seq 10 deny icmp any any
seq 10 deny icmp any any
permit 1.1.1.2
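The restrictions this section places on loopback ACLs (only loopback 0 is supported, and only incoming traffic) can be checked offline against a saved configuration. The Python sketch below is an added example, not part of the FTOS guide; it assumes show-config style text in which interface sub-commands are indented, and the sample configuration and the ACL name mgmt-out are constructed.

```python
import re

# Constructed sample in show-config style; only "abcd" comes from the guide's example.
SAMPLE_CONFIG = """\
interface Loopback 0
 no ip address
 ip access-group abcd in
 no shutdown
!
interface Loopback 1
 ip access-group mgmt-out out
 no shutdown
!
ip access-list extended abcd
 seq 5 permit tcp any any
 seq 10 deny icmp any any
"""

IFACE = re.compile(r"^interface\s+loopback\s*(\d+)\s*$", re.I)
GROUP = re.compile(r"^\s+ip access-group\s+(\S+)(?:\s+(in|out)\b)?", re.I)
ACL_DEF = re.compile(r"^ip access-list\s+(standard|extended)\s+(\S+)\s*$", re.I)

def audit_loopback_acls(config_text):
    """Return (line_no, message) findings for ACL bindings on loopback interfaces."""
    lines = config_text.splitlines()
    defined = {m.group(2) for m in map(ACL_DEF.match, lines) if m}
    findings, loopback = [], None
    for no, line in enumerate(lines, 1):
        if not line[:1].isspace():  # any top-level line closes the interface block
            m = IFACE.match(line)
            loopback = int(m.group(1)) if m else None
            continue
        m = GROUP.match(line)
        if loopback is None or not m:
            continue
        name, direction = m.group(1), (m.group(2) or "").lower()
        if loopback != 0:
            findings.append((no, f"Loopback {loopback}: only loopback 0 is supported for the loopback ACL"))
        if direction != "in":
            findings.append((no, f"ACL {name}: loopback ACLs can only be applied to incoming traffic"))
        if name not in defined:
            findings.append((no, f"ACL {name}: bound to loopback but no ip access-list defines it"))
    return findings

if __name__ == "__main__":
    for no, msg in audit_loopback_acls(SAMPLE_CONFIG):
        print(f"line {no}: {msg}")
```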
Step  Command Syntax                             Command Mode   Purpose
1     interface loopback 0                       CONFIGURATION  Only loopback 0 is supported for the loopback ACL.
2     ip access-list [standard | extended] name  CONFIGURATION  Apply rules to the new ACL.
3     ip access-group name in                    INTERFACE      Apply an ACL to traffic entering loopback.
                                                                • in: configure the ACL to filter incoming traffic
                                                                Note: ACLs for loopback can only be applied to incoming traffic.

Note: Refer to the section VTY Line Local Authentication and Authorization in the Security chapter.

IP Prefix Lists
Prefix Lists are supported on platforms: c e s










