Applying ACLs

Once you have defined an ACL, it can be applied per routing interface. An ACL can also be applied to host access or to an interface before the ACL itself has been created; the association of the ACL name or number with the host or interface is persistent. You can use ACLs to filter traffic on individual interfaces with a directional context (inbound, outbound, or both).

Use the ip access-group command to apply an IPv4 access-list to an interface, and the ipv6 access-group command to apply an IPv6 access-list to an interface. Both are entered in interface configuration command mode, specifying the access-list number or name followed by the directional context (in or out) in which this ACL is applied.

Use the ip host-access command for an IPv4 access-list, or the ipv6 host-access command for an IPv6 access-list, in configuration command mode, specifying the access-list number or name, to apply an ACL to the host services of this device.
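The host-access variant described above, shown as an added, constructed example rather than a session from the original document: the ACL name mgmt6, the management prefix 2001:db8:10::/64 and the prompt echoed after the ipv6 host-access command are assumptions; the commands themselves (ipv6 access-list standard, permit ... log, exit and ipv6 host-access) are the ones this page names, and the implicit drop of sources that are not permitted is assumed to match the interface case shown later on this page.

```text
! Constructed example (not from the page): limit the device's own host
! services to IPv6 sources inside the assumed management prefix.
System(su-config)->ipv6 access-list standard mgmt6
System(su-cfg-ipv6-std-acl)->permit 2001:db8:10::/64 log
System(su-cfg-ipv6-std-acl)->exit
System(su-config)->ipv6 host-access mgmt6
System(su-config)->
```

The log keyword on the permit entry is used here as the page uses it, so that accepted management sessions are recorded; because the ACL name is bound persistently, the same ACL can be created or re-edited later without re-entering the ipv6 host-access command.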

Use the show access-lists applied to display access-lists that have been applied to a routing interface.

The following example applies the extended ACL 121 in both the inbound and outbound directions on VLAN 2.

System(su-config)->interface vlan 2
System(su-config-intf-vlan.0.2)->ip access-group 121 in
System(su-config-intf-vlan.0.2)->ip access-group 121 out
System(su-config-intf-vlan.0.2)->show access-lists applied
Extended IP access list 121, applied inbound on interface 2  (5 entries)
Extended IP access list 121, applied outbound on interface 2  (5 entries)
System(su-config-intf-vlan.0.2)->

This example shows how to apply the standard IPv6 access list acl10 to all inbound frames on VLAN 50. Based upon the definition of access list acl10, only frames with the source fe80:0:0:0:21f:45ff:fe3d:21aa/64 are routed. All frames with other sources received on VLAN 50 are dropped:

System(su-config)->ipv6 access-list standard acl10
System(su-cfg-ipv6-std-acl)->permit fe80:0:0:0:21f:45ff:fe3d:21aa/64 log
System(su-cfg-ipv6-std-acl)->exit
System(su-config)->interface vlan 50
System(su-config-intf-vlan.0.50)->ipv6 access-group acl10 in
System(su-config-intf-vlan.0.50)->