Table of Contents
Advertisement
This section describes the following:
•
Configure Ingress ACLs
•
Configure Egress ACLs
For more information about Layer-3 interfaces, refer to Interfaces.
Applying an IP ACL
To apply an IP ACL (standard or extended) to a physical or port channel interface, use the following
commands.
1
Enter the interface number.
CONFIGURATION mode
interface interface slot/port
2
Configure an IP address for the interface, placing it in Layer-3 mode.
INTERFACE mode
ip address ip-address
3
Apply an IP ACL to traffic entering or exiting an interface.
INTERFACE mode
ip access-group access-list-name {in} [implicit-permit] [vlan vlan-range | vrf
vrf-range]
NOTE:
The number of entries allowed per ACL is hardware-dependent. For detailed specification
about entries allowed per ACL, refer to your line card documentation.
4
Apply rules to the new ACL.
INTERFACE mode
ip access-list [standard | extended] name
To view which IP ACL is applied to an interface, use the show config command in INTERFACE mode, or use
the show running-config command in EXEC mode.
Example of Viewing ACLs Applied to an Interface
Dell(conf-if)#show conf
!
interface TenGigabitEthernet 1/1
ip address 10.2.1.100 255.255.255.0
ip access-group nimule in
no shutdown
Dell(conf-if)#
To filter traffic on Telnet sessions, use only standard ACLs in the access-class command.
Access Control Lists (ACLs)
156
Advertisement
Table of Contents
Troubleshooting
