Users Guide
The ACLs target and handle Layer 3 traffic destined to terminate on the system, including routing protocols,
remote access, Simple Network Management Protocol (SNMP), Internet Control Message Protocol (ICMP), and
so on. Effective filtering of Layer 3 traffic from Layer 3 routers reduces the risk of attack.
NOTE: Loopback ACLs are supported only on ingress traffic.
Loopback interfaces do not support ACLs using the IP fragment option. If you configure an ACL with the
fragments option and apply it to a Loopback interface, the command is accepted, but the offending rule is
not installed in CAM.
For more information, refer to the Loopback Interfaces section in the Interfaces chapter.
Applying an ACL on Loopback Interfaces
You can apply ACLs on a Loopback interface.
To apply an ACL (standard or extended) for Loopback, use the following commands:
1 Only loopback 0 is supported for the Loopback ACL.
CONFIGURATION mode
interface loopback 0
2 Apply rules to the new ACL.
CONFIGURATION mode
ip access-list [standard | extended] name
3 Apply an ACL to traffic entering loopback. The keyword in configures the ACL to filter incoming traffic.
INTERFACE mode
ip access-group name in
NOTE: You can only apply ACLs for Loopback to incoming traffic.
To apply ACLs on Loopback, use the ip access-group command in INTERFACE mode. This example
shows the interface configuration status, adding rules to the access group, and displaying the list of rules in
the ACL.
Example of Applying ACL Rules to a Loopback and Viewing ACL Configuration
Dell(conf)#interface loopback 0
Dell(conf-if-lo-0)#ip access-group abcd in
Dell(conf-if-lo-0)#show config
!
interface Loopback 0
no ip address
ip access-group abcd in
no shutdown
Dell(conf-if-lo-0)#end
Dell#configure terminal
Dell(conf)#ip access-list extended abcd
Dell(config-ext-nacl)#permit tcp any any
Dell(config-ext-nacl)#deny icmp any any
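The constraints described above (loopback 0 only, ingress only, and rules with the fragments option being accepted but not installed in CAM) can be checked offline against a saved configuration. The following Python script is an added example, not part of the Dell guide; the sample configuration is constructed, and its layout is assumed to follow the show config output above.

```python
import re

# Constructed sample config (not from the guide); layout assumed to follow "show config".
SAMPLE_CONFIG = """\
interface Loopback 0
 ip access-group abcd in
!
interface Loopback 1
 ip access-group abcd out
!
ip access-list extended abcd
 seq 5 permit tcp any any
 seq 10 deny ip any any fragments
!
"""

def parse_sections(config):
    """Group config lines under their 'interface' or 'ip access-list' header."""
    sections, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith(("interface ", "ip access-list ")):
            current = sections.setdefault(line, [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line)
    return sections

def audit_loopback_acls(config):
    """Return findings for loopback ACL bindings that break the rules described above."""
    sections = parse_sections(config)
    acls = {h.split()[-1]: b for h, b in sections.items() if h.startswith("ip access-list ")}
    findings = []
    for header, body in sections.items():
        m = re.fullmatch(r"interface loopback (\d+)", header, re.IGNORECASE)
        if not m:
            continue
        for name, direction in re.findall(r"^ip access-group (\S+) (\S+)$", "\n".join(body), re.M):
            if m.group(1) != "0":
                findings.append(f"{header}: only loopback 0 supports an ACL")
            if direction != "in":
                findings.append(f"{header}: ACL {name} must be applied with 'in'")
            for rule in acls.get(name, []):
                if "fragments" in rule.split():
                    findings.append(f"{header}: ACL {name}: '{rule}' is not installed in CAM")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_loopback_acls(SAMPLE_CONFIG)))
```

A rule flagged for the fragments option matters most because the switch accepts the command without an error, so the gap is visible only by inspecting the configuration.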
Access Control Lists (ACLs) 160










