
Congure ACLs to Loopback
You can apply ACLs on a Loopback interface.
Conguring ACLs onto the CPU in a Loopback interface protects the system infrastructure from attack — malicious and incidental — by
explicate allowing only authorized trac.
The ACLs on Loopback interfaces are applied only to the CPU on the stack–unit — this application eliminates the need to apply specic
ACLs onto all ingress interfaces and achieves the same results. By localizing target trac, it is a simpler implementation.
The ACLs target and handle Layer 3 trac destined to terminate on the system including routing protocols, remote access, simple network
management protocol (SNMP), internet control message protocol (ICMP), and so on, Eective ltering of Layer 3 trac from Layer 3
routers reduces the risk of attack.
NOTE: Loopback ACLs are supported only on ingress trac.
Loopback interfaces do not support ACLs using the IP fragment option. If you congure an ACL with the fragments option and apply
it to a Loopback interface, the command is accepted, but the ACL entries are not installed the oending rule in CAM.
For more information, refer to the Loopback Interfaces section in the Interfaces chapter.
Applying an ACL on Loopback Interfaces
You can apply ACLs on a Loopback interface.
To apply an ACL (standard or extended) for Loopback, use the following commands:
1 Only loopback 0 is supported for the Loopback ACL.
CONFIGURATION mode
interface loopback 0
2 Apply rules to the new ACL.
CONFIGURATION mode
ip access-list [standard | extended] name
3 Apply an ACL to traffic entering loopback. The keyword in configures the ACL to filter incoming traffic.
INTERFACE mode
ip access-group name in
NOTE: You can only apply ACLs for Loopback to incoming traffic.
To apply ACLs on Loopback, use the ip access-group command in INTERFACE mode. This example shows the interface configuration
status, adding rules to the access group, and displaying the list of rules in the ACL.
Example of Applying ACL Rules to a Loopback and Viewing ACL Configuration
Dell(conf)#interface loopback 0
Dell(conf-if-lo-0)#ip access-group abcd in
Dell(conf-if-lo-0)#show config
!
interface Loopback 0
no ip address
ip access-group abcd in
no shutdown
Dell(conf-if-lo-0)#end
Dell#configure terminal
Dell(conf)#ip access-list extended abcd
Dell(config-ext-nacl)#permit tcp any any
Dell(config-ext-nacl)#deny icmp any any
Dell(config-ext-nacl)#permit 1.1.1.2
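The following is an added example, not part of the Dell documentation: a Python check that scans running-config-style text for the three Loopback ACL constraints stated above (loopback 0 only, ingress only, and rules with the fragments option not being installed in CAM). The sample configuration, the ACL names and the function name lint_loopback_acls are constructed for illustration; the `seq N` rule prefix and one-space stanza indentation are assumptions about the config layout.

```python
import re

# Constructed sample in running-config style (not captured from a device).
SAMPLE_CONFIG = """\
interface Loopback 0
 no ip address
 ip access-group mgmt-in in
 no shutdown
!
interface Loopback 1
 ip access-group snmp-out out
!
ip access-list extended mgmt-in
 seq 5 permit tcp any any
 seq 10 deny icmp any any fragments
"""

def lint_loopback_acls(config):
    """Return (code, detail) findings for ACLs bound to Loopback interfaces."""
    acls, bindings, ctx = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface\s+loopback\s*(\d+)$", line, re.I):
            ctx = ("if", int(m.group(1)))
        elif m := re.match(r"ip access-list\s+(?:standard|extended)\s+(\S+)$", line, re.I):
            ctx = ("acl", m.group(1))
            acls[ctx[1]] = []
        elif not raw.startswith(" "):  # any other top-level line closes the stanza
            ctx = None
        elif ctx and ctx[0] == "if":
            if m := re.match(r"ip access-group\s+(\S+)\s+(in|out)\b", line, re.I):
                bindings.append((ctx[1], m.group(1), m.group(2).lower()))
        elif ctx and ctx[0] == "acl":
            acls[ctx[1]].append(line)
    findings = []
    for loop_id, name, direction in bindings:
        if loop_id != 0:
            findings.append(("unsupported-loopback", f"Loopback {loop_id}: only loopback 0 takes an ACL"))
        if direction != "in":
            findings.append(("egress", f"Loopback {loop_id}: '{name} {direction}' is not ingress"))
        for rule in acls.get(name, []):
            if re.search(r"\bfragments\b", rule):
                findings.append(("fragments", f"{name}: '{rule}' will not be installed in CAM"))
    return findings

if __name__ == "__main__":
    for code, detail in lint_loopback_acls(SAMPLE_CONFIG):
        print(f"{code}: {detail}")
```

The fragments finding matters most in review, because the device accepts the command and the rule's absence from CAM is otherwise silent.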