Assign An Ip Acl To An Interface - Dell Force10 C150 Configuration Manual

If a rule is simply appended, existing counters are not affected.
Table 8-2. L2 and L3 ACL Filtering on Switched Packets
L2 ACL Behavior
Deny
Deny
Permit
Permit
Note: If an interface is configured as a " vlan-stack access " port, the packets are filtered by an
L2 ACL only. The L3 ACL applied to such a port does not affect traffic. That is, existing rules
for other features (such as trace-list, PBR, and QoS) are applied accordingly to the permitted
traffic.
For information on MAC ACLs, refer to the Access Control Lists (ACLs) chapter in the FTOS Command
Line Reference Guide.

Assign an IP ACL to an Interface

Ingress IP ACLs are supported on platforms:
Ingress and Egress IP ACL are supported on platform:
To pass traffic through a configured IP ACL, you must assign that ACL to a physical interface, a port
channel interface, or a VLAN. The IP ACL is applied to all traffic entering a physical or port channel
interface and the traffic is either forwarded or dropped depending on the criteria and actions specified in
the ACL.
The same ACL may be applied to different interfaces and that changes its functionality. For example, you
can take ACL "ABCD", and apply it using the
apply the same ACL using the
the loopback interface, it becomes a loopback access list.
This chapter covers the following topics:
• Configuring Ingress ACLs on page 149
• Configuring Egress ACLs on page 149
• Configuring ACLs to Loopback on page 151
For more information on Layer-3 interfaces, refer to
L3 ACL Behavior
Deny
Permit
Deny
Permit
c
in
keyword and it becomes an ingress access list. If you
out
keyword, it becomes an egress access list. If you apply the same ACL to
Decision on Targeted Traffic
Denied by L3 ACL
Permitted by L3 ACL
Denied by L2 ACL
Permitted by L2 ACL
s
and
e
Chapter 13, Interfaces, on page
IP Access Control Lists (ACL), Prefix Lists, and Route-maps | 147
47.