DELL S50V User Manual
148
|
IP Access Control Lists (ACL), Prefix Lists, and Route-maps
www.dell.com | support.dell.com
To apply an IP ACL (standard or extended) to a physical or port channel interface, use these commands in
the following sequence in the INTERFACE mode:
the following sequence in the INTERFACE mode:
To view which IP ACL is applied to an interface, use the
show config
command
(Figure 232)
in the
INTERFACE mode or the
show running-config
command in the EXEC mode.
Figure 8-9. Command example:
show config
in the INTERFACE Mode
Use only Standard ACLs in the
access-class
command to filter traffic on Telnet sessions.
Counting ACL Hits
You can view the number of packets matching the ACL by using the
count
option when creating ACL
entries. E-Series supports packet and byte counts simultaneously. C-Series and S-Series support only one
at any given time.
at any given time.
To view the number of packets matching an ACL that is applied to an interface:
Step
Command Syntax
Command Mode
Purpose
1
interface interface slot/port
CONFIGURATION
Enter the interface number.
2
ip address
ip-address
INTERFACE
Configure an IP address for the interface, placing
it in Layer-3 mode.
it in Layer-3 mode.
3
ip
access-group
access-list-name
{
in | out
} [
implicit-permit
] [
vlan
vlan-range
]
INTERFACE
Apply an IP ACL to traffic entering or exiting an
interface.
interface.
•
out:
configure the ACL to filter outgoing
traffic. This keyword is supported only on
E-Series.
Note: The number of entries allowed per
E-Series.
Note: The number of entries allowed per
ACL is hardware-dependent. Refer to
your line card documentation for detailed
specification on entries allowed per ACL.
4
ip access-list [standard |
extended]
extended]
name
INTERFACE
Apply rules to the new ACL.
Step
Task
1
2
Apply the ACL as an inbound or outbound ACL on an interface. See
FTOS
(conf-if)#show conf
!
interface GigabitEthernet 0/0
ip address 10.2.1.100 255.255.255.0
ip access-group nimule in
no shutdown
FTOS(conf-if)#