Create an IPv4 ACL

Create an ACL to specify an ordered list of ACEs, or filter rules.

About this task

Do not configure IPv4 egress ACL filters on network-to-network interface (NNI) ports because the system-generated egress vIST filter rules and the user-created IPv4 egress rules use the same filter hardware.

Procedure

Enter Global Configuration mode:

enable

configure terminal
Create an ACL:

filter acl <1-2048> type <inVlan|inPort|outPort|inVsn> [matchType <both|terminatingNNIOnly|uniOnly> ] [name WORD<0-32>] [enable]
Enable an ACL:

filter acl [enable]
Ensure the configuration is correct:

show filter acl [<1-2048>]

Variable definitions

Use the data in the following table to use filter acl command.


Variable	Value
`<1-2048>`	Specifies the ACL ID.
enable	Enables the ACL state, and all associated ACEs. Enabled is the default state.
matchType <both\|terminatingNNIOnly\|uniOnly>	For inVsn ACL types, specifies the match type to associate with the ACL. Valid options are: both for traffic ingressing on both UNI ports and network-to-network interface (NNI) ports terminating on this node terminatingNNIOnly for traffic ingressing on NNI ports only and terminating on this node uniOnly for traffic ingressing on UNI ports only The default value is both.
name `WORD<0-32>`	Specifies an optional descriptive name for the ACL.
type <inVlan\|inPort\|outPort\|inVsn>	Specifies the ACL type. The values inVlan, inPort, and inVsn are ingress ACLs, and outPort is an egress ACL. A port-based ACL has precedence over a VLAN-based ACL.