Applying an IP ACL to an Interface - Dell C9000 Series Networking Configuration Manual


vlan {vlanaclopt | vlaniscsi | vlanopenflow} command allows you to allocate filter processor
(FP) blocks of memory for ACL VLAN services: iSCSI counters, OpenFlow, and ACL VLAN optimization.
You can configure CAM allocation for only two of these VLAN services at a time. You can allocate from 0 to 2
FP blocks for each VLAN service.
To allocate the number of FP blocks for ACL VLAN optimization, enter the cam-acl-vlan vlanaclopt
<0-2> command. After you configure ACL VLAN CAM, reboot the switch to enable CAM allocation for ACL
VLAN optimization.
To display the number of FP blocks currently allocated to different ACL VLAN services, enter the
show cam-acl-vlan command.
To display the amount of CAM space currently used and available for Layer 2 and Layer 3 ACLs on the switch,
enter the show cam-usage command.

Applying an IP ACL to an Interface

To pass traffic through a configured IP ACL, assign that ACL to a physical interface, a port channel interface,
or a VLAN.
The IP ACL is applied to all traffic entering a physical or port channel interface, and the traffic is either
forwarded or dropped depending on the criteria and actions specified in the ACL.
The same ACL can be applied to different interfaces, and how it is applied changes its function. For example,
if you take ACL "ABCD" and apply it using the in keyword, it becomes an ingress access list. If you apply the
same ACL using the out keyword, it becomes an egress access list. If you apply the same ACL to the
Loopback interface, it becomes a Loopback access list.
For more information about Layer 3 interfaces, refer to Interfaces.

1. Enter the interface number.
   CONFIGURATION mode
   interface interface {slot/port | port-channel-number}

2. Configure an IP address for the interface, placing it in Layer 3 mode.
   INTERFACE mode
   ip address ip-address

3. Apply an IP ACL to traffic entering or exiting an interface.
   INTERFACE mode
   ip access-group access-list-name {in} [implicit-permit] [vlan vlan-range]

   NOTE: The number of entries allowed per ACL is hardware-dependent. For detailed specifications
   of the entries allowed per ACL, refer to your line card documentation.

4. Apply rules to the new ACL.
   INTERFACE mode
   ip access-list [standard | extended] name
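
The following audit script is an added example, not part of the Dell manual. It reads running-config style text and reports Layer 3 interfaces that have no ingress ip access-group, plus ACL names applied with ip access-group but never defined with ip access-list. The sample configuration, its interface names and addresses, the ACL name EDGE-IN and the indented stanza layout are constructed assumptions.

```python
import re

# Constructed sample in running-config style, not output from a real switch.
# Assumed layout: sub-commands are indented under their stanza, "!" separates stanzas.
SAMPLE_CONFIG = """\
interface TenGigabitEthernet 0/1
 ip address 10.1.1.1/24
 ip access-group ABCD in
!
interface TenGigabitEthernet 0/2
 ip address 10.1.2.1/24
!
interface Port-channel 10
 ip address 10.1.3.1/24
 ip access-group EDGE-IN in
!
ip access-list extended ABCD
 seq 5 permit ip any any
!
"""

ACL_DEF = re.compile(r"^ip access-list (?:standard|extended) (\S+)")
ACL_REF = re.compile(r"^ip access-group (\S+) (in|out)\b")

def audit_acl_bindings(config_text):
    """Return (Layer 3 interfaces with no ingress ACL, ACLs applied but never defined)."""
    defined, interfaces, current = set(), {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # top-level line: a new stanza begins
            current = None
            if line.startswith("interface "):
                name = line[len("interface "):]
                current = interfaces.setdefault(name, {"l3": False, "acls": []})
            elif m := ACL_DEF.match(line):
                defined.add(m.group(1))
        elif current is not None:  # sub-command of the current interface
            if line.startswith("ip address "):
                current["l3"] = True  # an IP address puts the interface in Layer 3 mode
            elif m := ACL_REF.match(line):
                current["acls"].append((m.group(1), m.group(2)))
    unfiltered = [name for name, intf in interfaces.items()
                  if intf["l3"] and "in" not in [d for _, d in intf["acls"]]]
    applied = {acl for intf in interfaces.values() for acl, _ in intf["acls"]}
    return unfiltered, sorted(applied - defined)

if __name__ == "__main__":
    print(audit_acl_bindings(SAMPLE_CONFIG))
```

Run against a saved configuration, an empty first list means every addressed interface has an ingress ACL bound, and an empty second list means every bound ACL name has a matching definition.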