Reference Guide
Access Control Lists (ACLs) | 129
To view which IP ACL is applied to an interface, use the show config command in the INTERFACE mode
as shown below or the
show running-config command in the EXEC mode.
Figure 7-14. Command example: show config in the INTERFACE Mode
Use only Standard ACLs in the access-class command to filter traffic on Telnet sessions.
Counting ACL Hits
You can view the number of packets matching the ACL by using the count option when creating ACL
entries. In the S5000, either count (packets) or count (bytes) can be configured. However, for an ACL with
multiple rules, you can configure some ACLs with count (packets) and others as count (bytes) at any given
time.
Configuring Ingress ACLs
Ingress ACLs are applied to interfaces and to traffic entering the system.These system-wide ACLs
eliminate the need to apply ACLs onto each interface and achieves the same results. By localizing target
traffic, it is a simpler implementation.
To create an ingress ACLs, use the
ip access-group command in the EXEC Privilege mode (Figure 7-15).
This example also shows applying the ACL, applying rules to the newly created access group, and viewing
the access list:
4
ip access-list [standard |
extended]
name
INTERFACE Apply rules to the new ACL.
Step Task
1 Create an ACL that uses rules with the count option. See Configuring a Standard IP ACL
2 Apply the ACL as an inbound or outbound ACL on an interface. See Assigning an IP ACL to an Interface
3 View the number of packets matching the ACL using the show ip accounting access-list from EXEC
Privilege mode.
Step Command Syntax Command Mode Purpose
Dell (conf-if-te-0/0)#show conf
!
interface GigabitEthernet 0/0
ip address 10.2.1.100 255.255.255.0
ip access-group nimule in
no shutdown
Dell (conf-if)#