Configuring Ingress Acls; Configuring Egress Acls - Dell Force10 C150 Configuration Manual

Step Task
View the number of packets matching the ACL using the show ip accounting access-list from EXEC
3
Privilege mode.

Configuring Ingress ACLs

Ingress ACLs are applied to interfaces and to traffic entering the system.These system-wide ACLs
eliminate the need to apply ACLs onto each interface and achieves the same results. By localizing target
traffic, it is a simpler implementation.
To create an ingress ACLs, use the
This example also shows applying the ACL, applying rules to the newly created access group, and viewing
the access list:
Figure 8-10. Creating an Ingress ACL
FTOS(conf)#interface gige 0/0
FTOS(conf-if-gige0/0)#ip access-group abcd
FTOS(conf-if-gige0/0)#show config
!
gigethernet 0/0
no ip address
ip access-group abcd in
no shutdown
FTOS(conf-if-gige0/0)#end
FTOS#configure terminal
FTOS(conf)#ip access-list extended
FTOS(config-ext-nacl)#permit tcp any any
FTOS(config-ext-nacl)#deny icmp any any
FTOS(config-ext-nacl)#permit 1.1.1.2
FTOS(config-ext-nacl)#end
FTOS#show ip accounting access-list
!
Extended Ingress IP access list abcd on gigethernet 0/0
seq 5 permit tcp any any
seq 10 deny icmp any any
permit 1.1.1.2

Configuring Egress ACLs

Layer 2 and Layer 3 ACLs
Egress ACLs are applied to line cards and affect the traffic leaving the system. Configuring egress ACLs
onto physical interfaces protects the system infrastructure from attack—malicious and incidental—by
explicitly allowing only authorized traffic.These system-wide ACLs eliminate the need to apply ACLs
onto each interface and achieves the same results. By localizing target traffic, it is a simpler
implementation.
ip access-group
in
abcd
are supported on platform
IP Access Control Lists (ACL), Prefix Lists, and Route-maps | 149
command (Figure 233) in the EXEC Privilege mode.
Use the "in" keyword
to specify ingress.
Begin applying rules to
the ACL named
"abcd."
View the access-list.
e