DELL N3000 User Manual

Configuring Access Control Lists
Create an ACL named web-limit that denies HTTP traffic during the 
work-hours time range.
console(config)#ip access-list web-limit
console(config-ip-acl)#deny tcp any any eq http time-range work-hours
console(config-ip-acl)#permit every
Enter interface configuration mode for VLAN 100 and apply the ACL to 
ingress traffic.
console(config)#interface vlan 100
console(config-if-vlan100)#ip access-group web-limit in
console(config-if-vlan100)#exit
console(config)#exit
Verify the configuration.
console(config)#show ip access-lists web-limit
IP ACL Name: web-limit
Rule Number: 1
Action......................................... deny
Match All...................................... FALSE
Protocol....................................... 6(tcp)
Source IP Address.............................. any
Destination IP Address......................... any
Destination Layer 4 Operator................... Equal To
Destination L4 Port Keyword.................... 80(www/http)
Rule Number: 2
Action......................................... permit
Match All...................................... TRUE
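The following is an added example, not part of the Dell manual: a Python check that every name given to ip access-group matches an ACL defined with ip access-list, because a binding that names a different ACL than the one defined does not apply the intended rules. The function name audit_acl_bindings and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample: a configuration fragment in the style of this page.
# The VLAN 100 binding misspells the ACL name (assumed input, not from a real switch).
SAMPLE_CONFIG = """\
ip access-list web-limit
deny tcp any any eq http time-range work-hours
permit every
exit
ip access-list deny-ftp
deny tcp any any eq ftp
deny tcp any any eq ftp-data
permit every
exit
interface vlan 100
ip access-group weblimit in
exit
"""

PROMPT = re.compile(r"^console(\([^)]*\))?#")  # strip a pasted CLI prompt, if any


def audit_acl_bindings(config_text):
    """Return (undefined, unbound): bindings naming a missing ACL, and ACLs never applied."""
    defined, bindings, interface = set(), [], None
    for raw in config_text.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if not words or words[0] == "!":
            continue
        if words[:2] == ["ip", "access-list"] and len(words) >= 3:
            defined.add(words[2])
            interface = None
        elif words[0] == "interface":
            interface = " ".join(words[1:])
        elif words[:2] == ["ip", "access-group"] and len(words) >= 3:
            # No open interface context: this script labels the binding "global".
            bindings.append((interface or "global", words[2]))
        elif words[0] == "exit":
            interface = None
    undefined = [(ifc, name) for ifc, name in bindings if name not in defined]
    bound = {name for _, name in bindings}
    return undefined, sorted(defined - bound)


if __name__ == "__main__":
    undefined, unbound = audit_acl_bindings(SAMPLE_CONFIG)
    print("undefined ACL references:", undefined)
    print("defined but never applied:", unbound)
```

The function accepts either bare configuration lines or lines pasted with the console prompt still attached.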
Denying FTP Traffic
This example drops incoming FTP setup and data traffic on interfaces 
gi1/0/24 to 48. This example is suitable for configuration on a switch or a 
router:
ip access-list deny-ftp 
!
deny tcp any any eq ftp
deny tcp any any eq ftp-data
permit every
exit