Create an IPv4 ACL

Create an ACL to specify an ordered list of ACEs, or filter rules.

About this task

Do not configure IPv4 egress ACL filters on network-to-network interface (NNI) ports because the system-generated egress vIST filter rules and the user-created IPv4 egress rules use the same filter hardware.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Create an ACL:

    filter acl <1-2048> type <inVlan|inPort|outPort|inVsn> [matchType <both|terminatingNNIOnly|uniOnly>] [name WORD<0-32>] [enable]

  3. Enable an ACL:

    filter acl [enable]

  4. Ensure the configuration is correct:

    show filter acl [<1-2048>]

Variable definitions

Use the data in the following table to use the filter acl command.

Variable: Value

<1-2048>: Specifies the ACL ID.

enable: Enables the ACL state, and all associated ACEs. Enabled is the default state.

matchType <both|terminatingNNIOnly|uniOnly>: For inVsn ACL types, specifies the match type to associate with the ACL. Valid options are:
  • both for traffic ingressing on both UNI ports and network-to-network interface (NNI) ports terminating on this node
  • terminatingNNIOnly for traffic ingressing on NNI ports only and terminating on this node
  • uniOnly for traffic ingressing on UNI ports only
The default value is both.

name WORD<0-32>: Specifies an optional descriptive name for the ACL.

type <inVlan|inPort|outPort|inVsn>: Specifies the ACL type. The values inVlan, inPort, and inVsn are ingress ACLs, and outPort is an egress ACL.

A port-based ACL has precedence over a VLAN-based ACL.
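
The following Python checker is an added example, not part of the vendor documentation: it lints `filter acl` creation lines from a saved configuration against the ranges and value sets in the table above, and flags egress (outPort) ACLs for the NNI caution under "About this task". The names `check_filter_acl` and `SAMPLE` are hypothetical, and the checker assumes ACL names are unquoted with no spaces and that keywords use the capitalization printed on this page.

```python
# Value sets copied from the variable definitions on this page.
ACL_TYPES = {"inVlan", "inPort", "outPort", "inVsn"}
MATCH_TYPES = {"both", "terminatingNNIOnly", "uniOnly"}


def check_filter_acl(line):
    """Return a list of findings for one 'filter acl <id> type ...' line."""
    tok = line.split()  # assumption: names are unquoted and contain no spaces
    if len(tok) < 5 or tok[:2] != ["filter", "acl"] or tok[3] != "type":
        return ["not a 'filter acl <id> type <type>' line"]
    findings = []
    acl_id, acl_type, rest = tok[2], tok[4], tok[5:]
    if not (acl_id.isascii() and acl_id.isdigit() and 1 <= int(acl_id) <= 2048):
        findings.append("ACL ID must be in 1-2048")
    if acl_type not in ACL_TYPES:
        findings.append(f"unknown ACL type {acl_type!r}")
    opts = iter(rest)
    for key in opts:
        if key == "enable":
            continue
        value = next(opts, None)  # matchType and name each take one value
        if key == "matchType" and value in MATCH_TYPES:
            if acl_type != "inVsn":
                findings.append("matchType applies to inVsn ACLs only")
        elif key == "name" and value is not None:
            if len(value) > 32:
                findings.append("name longer than 32 characters")
        else:
            findings.append(f"invalid or incomplete option {key!r}")
    if acl_type == "outPort":
        # Page caution: egress rules share filter hardware with vIST rules.
        findings.append("egress ACL: verify it is not applied to NNI ports")
    return findings


# Constructed sample lines, not taken from a real device.
SAMPLE = [
    "filter acl 10 type inPort name edge-ingress enable",
    "filter acl 20 type inVsn matchType uniOnly name tenant-a",
    "filter acl 30 type inVlan matchType both",
    "filter acl 4096 type outPort",
]

if __name__ == "__main__":
    for s in SAMPLE:
        print(s, "->", check_filter_acl(s) or "ok")
```

The ACL creation line carries no port list, so the egress finding is a prompt to check the ACL's port membership rather than a confirmed violation.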