Configuring Acls To Loopback; Applying An Acl On Loopback Interfaces - Dell Force10 C150 Configuration Manual

FTOS Behavior: VRRP hellos and IGMP packets are not affected when egress ACL filtering for CPU
traffic is enabled. Packets sent by the CPU with the source address as the VRRP virtual IP address
have the interface MAC address instead of VRRP virtual MAC address.

Configuring ACLs to Loopback

ACLs can be supplied on Loopback
Configuring ACLs onto the CPU in a loopback interface protects the system infrastructure from attack—
malicious and incidental—by explicate allowing only authorized traffic.
The ACLs on loopback interfaces are applied only to the CPU on the RPM—this eliminates the need to
apply specific ACLs onto all ingress interfaces and achieves the same results. By localizing target traffic, it
is a simpler implementation.
The ACLs target and handle Layer 3 traffic destined to terminate on the system including routing
protocols, remote access, SNMP, ICMP, and etc. Effective filtering of Layer 3 traffic from Layer 3 routers
reduces the risk of attack.
Note: Loopback ACLs are supported only on ingress traffic.
Loopback interfaces do not support ACLs using the IP fragment option. If you configure an ACL with the
fragments option and apply it to a loopback interface, the command is accepted, but the ACL entries are
not actually installed the offending rule in CAM.
See also Loopback Interfaces

Applying an ACL on Loopback Interfaces

ACLs can be applied on Loopback
To apply an ACL (standard or extended) for loopback, use these commands in the following sequence:
Step Command Syntax
interface loopback 0
1
interfaces supported on platform
in the Interfaces chapter.
interfaces supported on platform
Command Mode
CONFIGURATION
IP Access Control Lists (ACL), Prefix Lists, and Route-maps | 151
e
e
Purpose
Only loopback 0 is supported for the loopback
ACL.