Reference Guide
130 | Access Control Lists (ACLs)
www.dell.com | support.dell.com
Figure 7-15. Creating an Ingress ACL
Configuring Egress ACLs
Configuring egress ACLs onto physical interfaces protects the system infrastructure from attack—
malicious and incidental—by explicitly allowing only authorized traffic.These system-wide ACLs
eliminate the need to apply ACLs onto each interface and achieves the same results. By localizing target
traffic, it is a simpler implementation.
Use an egress ACL when you would like to restrict egress traffic. For example, when a DOS attack traffic
is isolated to one particular interface, you can apply an egress ACL to block that particular flow from
exiting the box, thereby protecting downstream devices.
To create an egress ACLs, use the
ip access-group command in the EXEC Privilege mode (Figure 7-16).
This example also shows viewing the configuration, applying rules to the newly created access group, and
viewing the access list:
Dell (conf)#interface tengig 0/0
Dell (conf-if-te-0/0)#ip access-group abcd in
Dell (conf-if-te-0/0)#show config
!
TengigabitEthernet 0/0
no ip address
ip access-group abcd in
no shutdown
Dell (conf-if-gige0/0)#end
Dell #configure terminal
Dell (conf)#ip access-list extended abcd
Dell (config-ext-nacl)#permit tcp any any
Dell (config-ext-nacl)#deny icmp any any
Dell (config-ext-nacl)#permit 1.1.1.2
Dell (config-ext-nacl)#end
Dell #show ip accounting access-list
!
Extended Ingress IP access list abcd on tengig 0/0
seq 5 permit tcp any any
seq 10 deny icmp any any
seq 15 permit 1.1.1.2
Use the “in” keyword
to specify ingress.
Begin applying rules to
the ACL named
“abcd.”
View the access-list.