Configuring ACLs to Loopback; Applying an ACL on Loopback Interfaces - Dell Force10 S4810P Configuration Manual

High-density, 1RU 48-port 10GbE switch

FTOS Behavior: VRRP hellos and IGMP packets are not affected when egress ACL filtering for CPU traffic is
enabled. Packets sent by the CPU with the source address as the VRRP virtual IP address have the interface MAC
address instead of the VRRP virtual MAC address.

Configuring ACLs to Loopback

ACLs can be supplied on Loopback interfaces supported on platform e.
Configuring ACLs onto the CPU in a loopback interface protects the system infrastructure from attack,
both malicious and incidental, by explicitly allowing only authorized traffic.
The ACLs on loopback interfaces are applied only to the CPU on the RPM. This eliminates the need to
apply specific ACLs onto all ingress interfaces and achieves the same results. By localizing target traffic, it
is a simpler implementation.
The ACLs target and handle Layer 3 traffic destined to terminate on the system, including routing
protocols, remote access, SNMP, ICMP, and so on. Effective filtering of Layer 3 traffic from Layer 3 routers
reduces the risk of attack.
Note: Loopback ACLs are supported only on ingress traffic.
Loopback interfaces do not support ACLs using the IP fragment option. If you configure an ACL with the
fragments option and apply it to a loopback interface, the command is accepted, but the offending ACL
entries are not actually installed in CAM.
See also Loopback Interfaces in the Interfaces chapter.

Applying an ACL on Loopback Interfaces

ACLs can be applied on Loopback interfaces supported on platform e.
To apply an ACL (standard or extended) for loopback, use these commands in the following sequence:

Step  Command Syntax                             Command Mode   Purpose
1     interface loopback 0                       CONFIGURATION  Only loopback 0 is supported for the loopback ACL.
2     ip access-list [standard | extended] name  CONFIGURATION  Apply rules to the new ACL.
3     ip access-group name in                    INTERFACE      Apply an ACL to traffic entering loopback.
                                                                in: configure the ACL to filter incoming traffic.
                                                                Note: ACLs for loopback can only be applied to incoming traffic.
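
An added example, not from the Dell manual: a Python check that audits a saved configuration for the loopback ACL limits stated above (only loopback 0, ingress only, fragments entries accepted but not installed in CAM). The running-config layout, the ACL name MGMT-IN, the addresses and the rule syntax in the sample are assumptions constructed for illustration.

```python
import re

# Constructed running-config excerpt. ACL name, addresses and rule syntax are
# illustrative assumptions, not taken from the manual.
SAMPLE_CONFIG = """\
ip access-list extended MGMT-IN
 seq 5 permit tcp 10.10.0.0/24 any eq 22
 seq 10 deny ip any any fragments
 seq 15 deny ip any any
!
interface Loopback 0
 ip access-group MGMT-IN in
!
interface Loopback 1
 ip access-group MGMT-IN in
"""

def parse_blocks(config):
    """Group indented lines under the unindented header line above them."""
    blocks, header = {}, None
    for line in config.splitlines():
        if line[:1].isspace() and header:
            blocks[header].append(line.strip())
        elif line.strip() not in ("", "!"):
            header = line.strip()
            blocks[header] = []
    return blocks

def audit_loopback_acls(config):
    """Return findings for loopback ACL bindings outside the documented limits."""
    blocks = parse_blocks(config)
    acl_re = re.compile(r"ip access-list (?:standard|extended) (\S+)$")
    acls = {m.group(1): body for h, body in blocks.items() if (m := acl_re.match(h))}
    findings = []
    for header, body in blocks.items():
        m = re.match(r"interface loopback (\d+)$", header, re.IGNORECASE)
        for line in body if m else []:
            g = re.match(r"ip access-group (\S+) (in|out)$", line)
            if not g:
                continue
            where, (name, direction) = f"Loopback {m.group(1)}", g.groups()
            if m.group(1) != "0":
                findings.append(f"{where}: only loopback 0 supports the loopback ACL")
            if direction != "in":
                findings.append(f"{where}: loopback ACLs filter ingress traffic only")
            for rule in acls.get(name, []):
                if re.search(r"\bfragments\b", rule):
                    findings.append(f"{where}: '{rule}' will not be installed in CAM")
    return findings
```

Because the switch accepts a fragments rule on a loopback ACL without installing it, a configuration review like this is the only place the gap shows up before traffic does.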
Access Control Lists (ACLs) | 121
