Dell Force10 C150 Configuration Manual page 152

Step Command Syntax
seq number
2 [
loopback-logging any any
ip access-list [ standard |
3
extended ] name
ip access-group name in
4
To apply ACLs on loopback, use the
This example also shows the interface configuration status, adding rules to the access group, and
displaying the list of rules in the ACL:
Figure 8-12. Applying an ACL to the Loopback Interface
FTOS(conf)#interface loopback 0
FTOS(conf-if-lo-0)#ip access-group abcd
FTOS(conf-if-lo-0)#show config
!
interface Loopback 0
no ip address
ip access-group abcd in
no shutdown
FTOS(conf-if-lo-0)#end
FTOS#configure terminal
FTOS(conf)#ip access-list extended
FTOS(config-ext-nacl)#permit tcp any any
FTOS(config-ext-nacl)#deny icmp any any
FTOS(config-ext-nacl)#permit 1.1.1.2
FTOS(config-ext-nacl)#end
FTOS#show ip accounting access-list
!
Extended Ingress IP access list abcd on Loopback 0
seq 5 permit tcp any any
seq 10 deny icmp any any
seq 10 deny icmp any any
Note: See also the section
152 | IP Access Control Lists (ACL), Prefix Lists, and Route-maps
permit
]
ip access-group
VTY Line Local Authentication and Authorization on page
Command Mode Purpose
CONFIGURATION If you are applying an extended ACL, and it has
a deny ip any any entry, this entry denies
internally generated packets as well as packets
received from external devices. To prevent
internally generated packets from being dropped,
make sure that the ACL you intend to apply has
the following entry: [
loopback-logging any any
anywhere in the ACL.
CONFIGURATION Apply rules to the new ACL.
INTERFACE Apply an ACL to traffic entering loopback.
•
command
in
abcd
seq number
. This line may be
in: configure the ACL to filter incoming
traffic
Note: ACLs for loopback can only be
applied to incoming traffic.
(Figure 235) in the INTERFACE mode.
Use the in keyword.
Add rules to the ACL
named "abcd."
Display the ACL.
948.
permit
]