To create an egress ACL, use the ip access-group command in EXEC Privilege mode. The exampleshows viewing the configuration, applying rules to the newly created access group, and viewing theaccess list.NOTE: VRF based ACL configurations are not supported on the egress traffic.Example of Applying ACL Rules to Egress Traffic and Viewing ACL ConfigurationTo specify ingress, use the out keyword. Begin applying rules to the ACL with the ip access-listextended abcd command. To view the access-list, use the show command.Dell(conf)#interface gige 0/0Dell(conf-if-gige0/0)#ip access-group abcd outDell(conf-if-gige0/0)#show config!gigethernet 0/0no ip addressip access-group abcd outno shutdownDell(conf-if-gige0/0)#endDell#configure terminalDell(conf)#ip access-list extended abcdDell(config-ext-nacl)#permit tcp any anyDell(config-ext-nacl)#deny icmp any anyDell(config-ext-nacl)#permit 1.1.1.2Dell(config-ext-nacl)#endDell#show ip accounting access-list!Extended Ingress IP access list abcd on gigethernet 0/0seq 5 permit tcp any anyseq 10 deny icmp any anyseq 15 permit 1.1.1.2Dell#configure terminalDell(conf)#interface te 0/0Dell(conf-if-te-0/0)#ip vrf forwarding blueDell(conf-if-te-0/0)#show config!interface TenGigabitEthernet 0/0ip vrf forwarding blueno ip addressshutdownDell(conf-if-te-0/0)#Dell(conf-if-te-0/0)#Dell(conf-if-te-0/0)#endDell#Applying Egress Layer 3 ACLs (Control-Plane)By default, packets originated from the system are not filtered by egress ACLs.For example, if you initiate a ping session from the system and apply an egress ACL to block this type oftraffic on the interface, the ACL does not affect that ping traffic. The Control Plane Egress Layer 3 ACLfeature enhances IP reachability debugging by implementing control-plane ACLs for CPU-generated andAccess Control Lists (ACLs) 105