Reference Guide
76 | Access Control Lists (ACLs)
www.dell.com | support.dell.com
For more information on Layer-3 interfaces, refer to Chapter 20, Interfaces.
To apply an IP ACL (standard or extended) to a physical or port channel interface, use these commands in
the following sequence in the INTERFACE mode:
To view which IP ACL is applied to an interface, use the
show config command (Figure 232) in the
INTERFACE mode or the
show running-config command in the EXEC mode.
Figure 6-8. Command example: show config in the INTERFACE Mode
Use only Standard ACLs in the access-class command to filter traffic on Telnet sessions.
Counting ACL Hits
You can view the number of packets matching the ACL by using the count option when creating ACL
entries. S-Series support either packet or byte counts at any given time.
To view the number of packets matching an ACL that is applied to an interface:
Step Command Syntax Command Mode Purpose
1
interface interface slot/port
CONFIGURATION Enter the interface number.
2 ip address ip-address INTERFACE Configure an IP address for the interface, placing
it in Layer-3 mode.
3
ip access-group access-list-name
{in | out} [implicit-permit] [vlan
vlan-range]
INTERFACE Apply an IP ACL to traffic entering or exiting an
interface.
•
out: configure the ACL to filter outgoing
traffic.
Note: The number of entries allowed per ACL is
hardware-dependent. Refer to your line card
documentation for detailed specification on entries
allowed per ACL.
4
ip access-list [standard |
extended]
name
INTERFACE Apply rules to the new ACL.
Step Task
1 Create an ACL that uses rules with the count option. Refer to Configure a standard IP ACL on page 69
2 Apply the ACL as an inbound or outbound ACL on an interface. Refer to Assign an IP ACL to an Interface on
page 75
FTOS(conf-if)#show conf
!
interface tengigabitEthernet 0/0
ip address 10.2.1.100 255.255.255.0
ip access-group nimule in
no shutdown
FTOS(conf-if)#