Dell S50V Switch User Manual


 
152 | IP Access Control Lists (ACL), Prefix Lists, and Route-maps
www.dell.com | support.dell.com
To apply ACLs on loopback, use the ip access-group command (Figure 235) in the INTERFACE mode.
This example also shows the interface configuration status, adding rules to the access group, and
displaying the list of rules in the ACL:
Step 2
  Command Syntax: [seq number] permit loopback-logging any any
  Command Mode:   CONFIGURATION
  Purpose:        If you are applying an extended ACL, and it has a deny ip any any
                  entry, this entry denies internally generated packets as well as
                  packets received from external devices. To prevent internally
                  generated packets from being dropped, make sure that the ACL you
                  intend to apply has the following entry:
                  [seq number] permit loopback-logging any any
                  This line may be anywhere in the ACL.

Step 3
  Command Syntax: ip access-list [standard | extended] name
  Command Mode:   CONFIGURATION
  Purpose:        Apply rules to the new ACL.

Step 4
  Command Syntax: ip access-group name in
  Command Mode:   INTERFACE
  Purpose:        Apply an ACL to traffic entering loopback.
                  in: configure the ACL to filter incoming traffic
                  Note: ACLs for loopback can only be applied to incoming traffic.

Note: See also the section VTY Line Local Authentication and Authorization on page 948.

Figure 8-12. Applying an ACL to the Loopback Interface
FTOS(conf)#interface loopback 0
FTOS(conf-if-lo-0)#ip access-group abcd in
FTOS(conf-if-lo-0)#show config
!
interface Loopback 0
no ip address
ip access-group abcd in
no shutdown
FTOS(conf-if-lo-0)#end
FTOS#configure terminal
FTOS(conf)#ip access-list extended abcd
FTOS(config-ext-nacl)#permit tcp any any
FTOS(config-ext-nacl)#deny icmp any any
FTOS(config-ext-nacl)#permit 1.1.1.2
FTOS(config-ext-nacl)#end
FTOS#show ip accounting access-list
!
Extended Ingress IP access list abcd on Loopback 0
seq 5 permit tcp any any
seq 10 deny icmp any any
seq 10 deny icmp any any
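Callouts in the figure:
  ip access-group abcd in: Use the in keyword.
  ip access-list extended abcd (and the rules entered after it): Add rules to the ACL named "abcd."
  show ip accounting access-list: Display the ACL.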
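
An offline check for the condition described in step 2 above, as an added example that is not from the Dell manual: it flags any extended ACL applied inbound on a loopback interface that contains deny ip any any but lacks permit loopback-logging any any. The config layout, the sample text (including the ACL named "other") and the function names are assumptions made for this illustration.

```python
import re

# Constructed sample config (not from the manual); the layout is assumed to
# follow the "show config" and ACL listing output shown on this page.
SAMPLE_CONFIG = """\
interface Loopback 0
 no ip address
 ip access-group abcd in
!
ip access-list extended abcd
 seq 5 permit tcp any any
 seq 10 deny icmp any any
 seq 15 deny ip any any
!
ip access-list extended other
 seq 5 deny ip any any
"""

REQUIRED = "permit loopback-logging any any"  # entry required by step 2 on this page
CATCH_ALL = "deny ip any any"                 # entry that also drops internal packets

def parse_config(text):
    """Return ({acl: (type, [rules])}, {ACL names applied inbound on a loopback})."""
    acls, applied, section = {}, set(), None
    for raw in text.splitlines():
        line = " ".join(raw.split())           # normalise whitespace
        if not raw[:1].isspace():              # top-level line starts a new section
            acl = re.match(r"ip access-list (standard|extended) (\S+)$", line)
            intf = re.match(r"interface (.+)$", line, re.I)
            section = ("acl", acl.group(2)) if acl else ("if", intf.group(1).lower()) if intf else None
            if acl:
                acls[acl.group(2)] = (acl.group(1), [])
        elif section and section[0] == "acl":
            acls[section[1]][1].append(re.sub(r"^seq \d+ ", "", line))  # drop "seq N"
        elif section and section[1].startswith("loopback"):
            group = re.match(r"ip access-group (\S+) in$", line)
            if group:
                applied.add(group.group(1))
    return acls, applied

def loopback_acl_findings(text):
    """Names of extended loopback ACLs that deny all IP without the required permit."""
    acls, applied = parse_config(text)
    # The required entry may sit anywhere in the ACL, so only its presence is checked.
    return [name for name in sorted(applied)
            if acls.get(name, (None, []))[0] == "extended"
            and CATCH_ALL in acls[name][1] and REQUIRED not in acls[name][1]]
```

On the constructed sample, loopback_acl_findings(SAMPLE_CONFIG) reports abcd only; the ACL named other is ignored because it is not applied to a loopback interface.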