NOTE: For the VRF ACLs to take effect, ACLs configured in the Layer 3 CAM region must have an implicit-permit option.

You can use the ip access-group command to configure VRF-aware ACLs on interfaces. With this command, in addition to a range of VLANs, you can specify a range of VRFs as input when configuring ACLs on interfaces. The VRF range is from 1 to 63. These ACLs use the existing V4 ACL CAM region to populate the entries in the hardware, so you do not need to carve out a separate CAM region.

NOTE: You can configure VRF-aware ACLs on interfaces using either a range of VLANs or a range of VRFs, but not both.

Topics:
• IP Access Control Lists (ACLs)
• Important Points to Remember
• IP Fragment Handling
• Configure a Standard IP ACL
• Configure an Extended IP ACL
• Configure Layer 2 and Layer 3 ACLs
• Assign an IP ACL to an Interface
• Applying an IP ACL
• Configure Ingress ACLs
• Configure Egress ACLs
• IP Prefix Lists
• ACL Resequencing
• Route Maps
• Logging of ACL Processes
• Flow-Based Monitoring Support for ACLs
• Configuring UDF ACL

IP Access Control Lists (ACLs)

In Dell Networking switch/routers, you can create two different types of IP ACLs: standard or extended. A standard ACL filters packets based on the source IP address. An extended ACL filters traffic based on the following criteria:
• IP protocol number
• Source IP address
• Destination IP address
• Source TCP port number
• Destination TCP port number
• Source UDP port number
• Destination UDP port number
For more information about ACL options, refer to the Dell Networking OS Command Reference Guide.
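
The practical difference between the two ACL types, as an added Python model (not Dell Networking OS code or CLI syntax): the same constructed packets are checked against a source-only standard ACL and against an extended ACL that uses the criteria listed above. First-match evaluation, the rule sets, and the documentation-range addresses are assumptions of this example; when no rule matches it returns None and leaves the default action to the platform.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass
from typing import Optional

TCP, UDP = 6, 17  # IP protocol numbers
Packet = namedtuple("Packet", "proto src dst sport dport")

@dataclass
class Rule:
    action: str                   # "permit" or "deny"
    src: str = "0.0.0.0/0"        # the only field a standard ACL looks at
    proto: Optional[int] = None   # None means "any" (extended only)
    dst: str = "0.0.0.0/0"
    sport: Optional[int] = None
    dport: Optional[int] = None

def _in(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def matches(r, p, extended):
    if not extended:              # standard ACL: source address decides
        return _in(p.src, r.src)
    return (_in(p.src, r.src) and r.proto in (None, p.proto) and _in(p.dst, r.dst)
            and r.sport in (None, p.sport) and r.dport in (None, p.dport))

def evaluate(rules, p, extended):
    """Assumed first-match model; None = no rule matched (default left to the platform)."""
    return next((r.action for r in rules if matches(r, p, extended)), None)

# Constructed sample: one management subnet, documentation-range addresses.
STANDARD = [Rule("permit", src="192.0.2.0/24")]
EXTENDED = [
    Rule("deny", "192.0.2.0/24", TCP, "198.51.100.5/32", dport=23),
    Rule("permit", "192.0.2.0/24", TCP, "198.51.100.5/32", dport=22),
    Rule("permit", "192.0.2.0/24", UDP, dport=53),
]
PACKETS = {
    "ssh": Packet(TCP, "192.0.2.10", "198.51.100.5", 40000, 22),
    "telnet": Packet(TCP, "192.0.2.10", "198.51.100.5", 40001, 23),
    "dns": Packet(UDP, "192.0.2.10", "198.51.100.53", 40002, 53),
}

def compare():
    """Map each packet name to (standard ACL verdict, extended ACL verdict)."""
    return {n: (evaluate(STANDARD, p, False), evaluate(EXTENDED, p, True))
            for n, p in PACKETS.items()}

if __name__ == "__main__":
    print(compare())
```

The standard ACL permits all three flows because they share a source subnet, while the extended ACL can drop the Telnet flow and still allow SSH and DNS from the same host.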