Users Guide

CONFIGURATION mode
ip control-plane [egress filter]
2. Apply Egress ACLs to IPv6 system traffic.
CONFIGURATION mode
ipv6 control-plane [egress filter]
3. Create a Layer 3 ACL using permit rules with the count option to describe the desired CPU traffic.
CONFIG-NACL mode
permit ip {source mask | any | host ip-address} {destination mask | any | host ip-address} count
Dell Networking OS Behavior: Virtual router redundancy protocol (VRRP) hellos and internet group management protocol (IGMP)
packets are not affected when you enable egress ACL filtering for CPU traffic. Packets the CPU sends with the source address as
the VRRP virtual IP address have the interface MAC address instead of the VRRP virtual MAC address.
Configure ACLs to Loopback
You can apply ACLs on a Loopback interface.
Conguring ACLs onto the CPU in a Loopback interface protects the system infrastructure from attack — malicious and incidental
— by explicate allowing only authorized trac.
The ACLs on Loopback interfaces are applied only to the CPU on the stack–unit — this application eliminates the need to apply
specic ACLs onto all ingress interfaces and achieves the same results. By localizing target trac, it is a simpler implementation.
The ACLs target and handle Layer 3 trac destined to terminate on the system including routing protocols, remote access, simple
network management protocol (SNMP), internet control message protocol (ICMP), and so on, Eective ltering of Layer 3 trac
from Layer 3 routers reduces the risk of attack.
NOTE: Loopback ACLs are supported only on ingress traffic.
Loopback interfaces do not support ACLs using the IP fragment option. If you configure an ACL with the fragments option
and apply it to a Loopback interface, the command is accepted, but the offending rule is not installed in CAM.
For more information, refer to the Loopback Interfaces section in the Interfaces chapter.
Applying an ACL on Loopback Interfaces
You can apply ACLs on a Loopback interface.
To apply an ACL (standard or extended) for Loopback, use the following commands:
1. Only loopback 0 is supported for the Loopback ACL.
CONFIGURATION mode
interface loopback 0
2. Apply rules to the new ACL.
CONFIGURATION mode
ip access-list [standard | extended] name
3. Apply an ACL to trac entering loopback. The keyword in congures the ACL to lter incoming trac.
INTERFACE mode
ip access-group name in
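An added example, not part of the Dell guide: a small Python audit that checks a saved configuration against the three Loopback ACL constraints stated above (loopback 0 only, ingress only, rules with the fragments option accepted but not installed in CAM). The sample configuration, the ACL names and the running-config layout with one-space indented sub-commands are assumptions.

```python
import re

# Constructed sample (not from the guide); the running-config layout is assumed.
SAMPLE_CONFIG = """\
ip access-list extended CPU-PROTECT
 permit ip 10.10.0.0/16 any count
 permit ip host 192.0.2.10 any count
 permit ip any any fragments
!
ip access-list extended MGMT-ONLY
 permit ip host 192.0.2.10 any count
!
interface Loopback 0
 ip access-group CPU-PROTECT in
!
interface Loopback 1
 ip access-group MGMT-ONLY out
"""

def audit_loopback_acls(config):
    """Return findings for Loopback ACL bindings that will not protect the CPU."""
    acls, bindings = {}, []          # ACL name -> rules; (loopback, ACL, direction)
    acl = loopback = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # an unindented line opens a new section
            acl = loopback = None
            if m := re.match(r"ip access-list (?:standard|extended) (\S+)$", line):
                acl = m.group(1)
                acls[acl] = []
            elif m := re.match(r"interface loopback (\d+)$", line, re.I):
                loopback = int(m.group(1))
        elif acl is not None:
            acls[acl].append(line)
        elif loopback is not None:
            if m := re.match(r"ip access-group (\S+) (\S+)$", line):
                bindings.append((loopback, m.group(1), m.group(2)))
    findings = []
    for lo, name, direction in bindings:
        if lo != 0:
            findings.append(f"Loopback {lo}: only loopback 0 is supported for the Loopback ACL")
        if direction != "in":
            findings.append(f"Loopback {lo}: ACL {name} applied '{direction}'; Loopback ACLs are ingress only")
        for rule in acls.get(name, []):
            if "fragments" in rule.split():
                findings.append(f"Loopback {lo}: ACL {name} rule '{rule}' uses fragments, not installed in CAM")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_loopback_acls(SAMPLE_CONFIG)))
```

The fragments check matters most in practice because the switch accepts the command without error, so the gap is only visible by inspecting the configuration.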
Access Control Lists (ACLs)