Manualshelf

Reference Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S5000
121122123124125126127128129130
128 | Access Control Lists (ACLs)
www.dell.com | support.dell.com
For information on MAC ACLs, refer to Layer 2.
Assigning an IP ACL to an Interface
The S5000 supports the following:
Ingress IP ACLs
Ingress and Egress IP ACLs
To pass traffic through a configured IP ACL, you must assign that ACL to a physical interface, a port
channel interface, or a VLAN. The IP ACL is applied to all traffic entering a physical or port channel
interface and the traffic is either forwarded or dropped depending on the criteria and actions specified in
the ACL.
You can apply the same ACL to different interfaces and that changes its functionality. For example, you
can take ACL “ABCD”, and apply it using the
in keyword and it becomes an ingress access list. If you
apply the same ACL using the
out keyword, it becomes an egress access list. If you apply the same ACL to
the loopback interface, it becomes a loopback access list.
For more information on Layer-3 interfaces, refer to Interfaces.
To apply an IP ACL (standard or extended) to a physical or port channel interface, use these commands in
the following sequence in the INTERFACE mode:
Permit Deny Denied by L3 ACL
Permit Permit Permitted by L3 ACL
Note: If an interface is configured as a “vlan-stack access” port, the packets are filtered by an L2 ACL
only. The L3 ACL applied to such a port does not affect traffic. That is, existing rules for other features
(such as trace-list, PBR, and QoS) are applied accordingly to the permitted traffic.
Step Command Syntax Command Mode Purpose
1
interface interface slot/port
CONFIGURATION Enter the interface number.
2
ip address ip-address
INTERFACE Configure an IP address for the interface, placing
it in Layer-3 mode.
3
ip access-group access-list-name
{in | out} [implicit-permit] [vlan
vlan-range]
INTERFACE Apply an IP ACL to traffic entering or exiting an
interface.
Note: The number of entries allowed per ACL is
hardware-dependent.
Table 7-1. L2 and L3 ACL Filtering on Switched Packets
L2 ACL Interfaces
Behavior
L3 ACL Interfaces
Behavior Decision on Targeted Traffic