120 | Access Control Lists (ACLs)w w w . d e l l . c o m | s u p p o r t . d e l l . c o m To create an egress ACLs, use the ip access-group command in the EXEC Privilege mode as shown in theexample below. This example also shows viewing the configuration, applying rules to the newly createdaccess group, and viewing the access list:FTOS(conf)#interface gige 0/0FTOS(conf-if-gige0/0)#ip access-group abcd outFTOS(conf-if-gige0/0)#show config!gigethernet 0/0no ip addressip access-group abcd outno shutdownFTOS(conf-if-gige0/0)#endFTOS#configure terminalFTOS(conf)#ip access-list extended abcdFTOS(config-ext-nacl)#permit tcp any anyFTOS(config-ext-nacl)#deny icmp any anyFTOS(config-ext-nacl)#permit 1.1.1.2FTOS(config-ext-nacl)#endFTOS#show ip accounting access-list!Extended Ingress IP access list abcd on gigethernet 0/0seq 5 permit tcp any anyseq 10 deny icmp any anyseq 15 permit 1.1.1.2Egress Layer 3 ACL Lookup for Control-plane IP TrafficBy default, packets originated from the system are not filtered by egress ACLs. If you initiate a pingsession from the system, for example, and apply an egress ACL to block this type of traffic on theinterface, the ACL does not affect that ping traffic. The Control Plane Egress Layer 3 ACL featureenhances IP reachability debugging by implementing control-plane ACLs for CPU-generated andCPU-forwarded traffic. Using permit rules with the count option, you can track on a per-flow basiswhether CPU-generated and CPU-forwarded packets were transmitted successfully..Task Command Syntax Command ModeApply Egress ACLs to IPv4 systemtraffic. ip control-plane [egress filter] CONFIGURATIONApply Egress ACLs to IPv6 systemtraffic. ipv6 control-plane [egress filter] CONFIGURATIONCreate a Layer 3 ACL using permitrules with the count option to describethe desired CPU trafficpermit ip {source mask | any |host ip-address} {destination mask| any | host ip-address} countCONFIG-NACLNote: The ip control-plane [egress filter] and the ipv6 control-plane [egress filter] commands are notsupported on S4810 systems.
