Dell PowerSwitch S4112F-ON OS10 Enterprise Edition User Guide Release 10.4.1.0 - Page 598
Ingress ACL filters, Egress ACL filters
![]() |
View all Dell PowerSwitch S4112F-ON manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 598 highlights
Configure IP ACL OS10(config)# interface ethernet 1/1/28 OS10(conf-if-eth1/1/28)# ip address 10.1.2.0/24 OS10(conf-if-eth1/1/28)# ip access-group abcd in View ACL filters applied to interface OS10# show ip access-lists in Ingress IP access-list acl1 Active on interfaces : ethernet1/1/28 seq 10 permit ip host 10.1.1.1 host 100.1.1.1 count (0 packets) seq 20 deny ip host 20.1.1.1 host 200.1.1.1 count (0 packets) seq 30 permit ip 10.1.2.0/24 100.1.2.0/24 count (0 packets) seq 40 deny ip 20.1.2.0/24 200.1.2.0/24 count (0 packets) seq 50 permit ip 10.0.3.0 255.0.255.0 any count (0 packets) seq 60 deny ip 20.0.3.0 255.0.255.0 any count (0 packets) seq 70 permit tcp any eq 1000 100.1.4.0/24 eq 1001 count (0 packets) seq 80 deny tcp any eq 2100 200.1.4.0/24 eq 2200 count (0 packets) seq 90 permit udp 10.1.5.0/28 eq 10000 any eq 10100 count (0 packets) seq 100 deny tcp host 20.1.5.1 any rst psh count (0 packets) seq 110 permit tcp any any fin syn rst psh ack urg count (0 packets) seq 120 deny icmp 20.1.6.0/24 any fragment count (0 packets) seq 130 permit 150 any any dscp 63 count (0 packets) To view the number of packets matching the ACL, use the count option when creating ACL entries. • Create an ACL that uses rules with the count option, see Assign sequence number to filter. • Apply the ACL as an inbound or outbound ACL on an interface in CONFIGURATION mode, and view the number of packets matching the ACL. show ip access-list {in | out} Ingress ACL filters To create an ingress ACL filter, use the ip access-group command in EXEC mode. To configure ingress, use the in keyword. Apply rules to the ACL with the ip access-list acl-name command. To view the access-list, use the show access-lists command. 1 Apply an access-list on the interface with ingress direction in INTERFACE mode. ip access-group access-group-name in 2 Return to CONFIGURATION mode. exit 3 Create the access-list in CONFIGURATION mode. ip access-list access-list-name 4 Create the rules for the access-list in ACCESS-LIST mode. permit ip host ip-address host ip-address count Apply ACL rules to access-group and view access-list OS10(config)# interface ethernet 1/1/28 OS10(conf-if-eth1/1/28)# ip access-group abcd in OS10(conf-if-eth1/1/28)# exit OS10(config)# ip access-list acl1 OS10(conf-ipv4-acl)# permit ip host 10.1.1.1 host 100.1.1.1 count Egress ACL filters Egress ACL filters affect the traffic leaving the network. Configuring egress ACL filters onto physical interfaces protects the system infrastructure from a malicious and intentional attack by explicitly allowing only authorized traffic. These system-wide ACL filters eliminate the need to apply ACL filters onto each interface and achieves the same results. 598 Access Control Lists
![](/manual_guide/products/dell-powerswitch-s3048on-os10-enterprise-edition-user-guide-release-10410-b76d862/598.png)