Configure Ingress Acls; Configure Egress Acls - Dell S6100 Configuration Manual
On system
Hide thumbs
Also See for S6100:
- Configuration manual (1743 pages) ,
- Installation manual (54 pages) ,
- Release notes (13 pages)
Table of Contents
Advertisement
EXEC Privilege mode
View the number of packets matching the ACL.
Configure Ingress ACLs
Ingress ACLs are applied to interfaces and to traffic entering the system.
These system-wide ACLs eliminate the need to apply ACLs onto each interface and achieves the same results. By localizing target traffic, it
is a simpler implementation.
To create an ingress ACL, use the ip access-group command in EXEC Privilege mode. The example shows applying the ACL, rules to
the newly created access group, and viewing the access list.
Example of Applying ACL Rules to Ingress Traffic and Viewing ACL Configuration
To specify ingress, use the in keyword. Begin applying rules to the ACL with the ip access-list extended abcd command. To
view the access-list, use the show command.
Dell(conf)#interface tengigabitethernet 1/1/1/1
Dell(conf-if-te1/1/1/1)#ip access-group abcd in
Dell(conf-if-te1/1/1/1)#show config
!
tengogabitethernet 1/1/1/1
no ip address
ip access-group abcd in
no shutdown
Dell(conf-if-te1/1/1/1)#end
Dell#configure terminal
Dell(conf)#ip access-list extended abcd
Dell(config-ext-nacl)#permit tcp any any
Dell(config-ext-nacl)#deny icmp any any
Dell(config-ext-nacl)#permit 1.1.1.2
Dell(config-ext-nacl)#end
Dell#show ip accounting access-list
!
Extended Ingress IP access list abcd on tengigabitethernet 1/1/1/1
seq 5 permit tcp any any
seq 10 deny icmp any any
seq 15 permit 1.1.1.2
Configure Egress ACLs
Egress ACLs are applied to line cards and affect the traffic leaving the system. Configuring egress ACLs onto physical interfaces protects
the system infrastructure from attack — malicious and incidental — by explicitly allowing only authorized traffic. These system-wide ACLs
eliminate the need to apply ACLs onto each interface and achieves the same results. By localizing target traffic, it is a simpler
implementation.
To restrict egress traffic, use an egress ACL. For example, when a denial of service (DOS) attack traffic is isolated to a specific interface,
you can apply an egress ACL to block the flow from the exiting the box, thus protecting downstream devices.
To create an egress ACL, use the ip access-group command in EXEC Privilege mode. The example shows viewing the configuration,
applying rules to the newly created access group, and viewing the access list.
NOTE:
VRF based ACL configurations are not supported on the egress
traffic.
Example of Applying ACL Rules to Egress Traffic and Viewing ACL Configuration
To specify ingress, use the out keyword. Begin applying rules to the ACL with the ip access-list extended abcd command. To
view the access-list, use the show command.
Dell(conf)#interface TenGigabitEthernet 1/1/1/1
Dell(conf-if-te-1/1/1/1)#ip access-group abcd out
120
Access Control Lists (ACLs)
Advertisement
Table of Contents
Troubleshooting
