Setup Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S6010-ON

101

102

103

104

105

106

107

108

109

110

ip access-list [standard | extended] name

To view which IP ACL is applied to an interface, use the show config command in INTERFACE mode, or use the show running-

config command in EXEC mode.

Example of Viewing ACLs Applied to an Interface

To lter trac on Telnet sessions, use only standard ACLs in the access-class command.

Counting ACL Hits

You can view the number of packets matching the ACL by using the count option when creating ACL entries.

1 Create an ACL that uses rules with the count option. Refer to Congure a Standard IP ACL Filter.

2 Apply the ACL as an inbound or outbound ACL on an interface.

3 show ip accounting access-list

EXEC Privilege mode

View the number of packets matching the ACL.

Congure Ingress ACLs

Ingress ACLs are applied to interfaces and to trac entering the system.

These system-wide ACLs eliminate the need to apply ACLs onto each interface and achieves the same results. By localizing target trac, it

is a simpler implementation.

To create an ingress ACL, use the ip access-group command in EXEC Privilege mode. The example shows applying the ACL, rules to

the newly created access group, and viewing the access list.

Example of Applying ACL Rules to Ingress Trac and Viewing ACL Conguration

To specify ingress, use the in keyword. Begin applying rules to the ACL with the ip access-list extended abcd command. To

view the access-list, use the show command.

Congure Egress ACLs

Egress ACLs are applied to line cards and aect the trac leaving the system. Conguring egress ACLs onto physical interfaces protects

the system infrastructure from attack — malicious and incidental — by explicitly allowing only authorized trac. These system-wide ACLs

eliminate the need to apply ACLs onto each interface and achieves the same results. By localizing target trac, it is a simpler

implementation.

To restrict egress trac, use an egress ACL. For example, when a denial of service (DOS) attack trac is isolated to a specic interface,

you can apply an egress ACL to block the ow from the exiting the box, thus protecting downstream devices.

To create an egress ACL, use the ip access-group command in EXEC Privilege mode. The example shows viewing the conguration,

applying rules to the newly created access group, and viewing the access list.

NOTE

: VRF based ACL congurations are not supported on the egress trac.

Example of Applying ACL Rules to Egress Trac and Viewing ACL Conguration

To specify ingress, use the out keyword. Begin applying rules to the ACL with the ip access-list extended abcd command. To

view the access-list, use the

show command.

Access Control Lists (ACLs)

107