Counting Acl Hits; Configuring Ingress Acls - Dell Force10 Z9000 Configuration Manual

To view which IP ACL is applied to an interface, use the
INTERFACE mode or the
Figure 6-9. Command example: show config in the INTERFACE Mode
FTOS(conf-if)#show conf
!
interface GigabitEthernet 0/0
ip address 10.2.1.100 255.255.255.0
ip access-group nimule in
no shutdown
FTOS(conf-if)#
Use only Standard ACLs in the

Counting ACL Hits

You can view the number of packets matching the ACL by using the
entries. E-Series supports packet and byte counts simultaneously. C-Series and S-Series support only one
at any given time.
To view the number of packets matching an ACL that is applied to an interface:
Step Task
1 Create an ACL that uses rules with the count option. See
2 Apply the ACL as an inbound or outbound ACL on an interface. See
3 View the number of packets matching the ACL using the show ip accounting access-list from EXEC
Privilege mode.

Configuring Ingress ACLs

Ingress ACLs are applied to interfaces and to traffic entering the system.These system-wide ACLs
eliminate the need to apply ACLs onto each interface and achieves the same results. By localizing target
traffic, it is a simpler implementation.
To create an ingress ACLs, use the
This example also shows applying the ACL, applying rules to the newly created access group, and viewing
the access list:
| Access Control Lists (ACLs)
104
show running-config command in the EXEC mode.
access-class command to filter traffic on Telnet sessions.
ip access-group
command
show config
option when creating ACL
count
Configure a standard IP ACL
Assign an IP ACL to an Interface
command (Figure 6-10) in the EXEC Privilege mode.
(Figure 232) in the