Creating an IPv4 ACL

Create an ACL to specify an ordered list of ACEs, or filter rules.

About this task

Do not configure IPv4 egress ACL filters on NNI ports because the system-generated egress vIST filter rules and the user-created IPv4 egress rules use the same filter hardware.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Create an ACL:

    filter acl <acl-id> type <inVlan|inPort|outPort|inVsn> [matchType <both|terminatingNNIOnly|uniOnly> ] [name WORD<0-32>] [enable]

  3. Enable an ACL:

    filter acl [enable]

  4. Ensure the configuration is correct:

    show filter acl [<acl-id>]

Variable definitions

Use the data in the following table to use filter acl command.

Variable

Value

<acl-id>

Specifies the ACL ID. Use the CLI Help to see the available range for the switch.

enable

Enables the ACL state, and all associated ACEs. Enabled is the default state.

matchType <both|terminatingNNIOnly|uniOnly>

For inVsn ACL types, specifies the match type to associate with the ACL. Valid options are:
  • both for traffic ingressing on both UNI ports and NNI ports terminating on this node (default)

  • terminatingNNIOnly for traffic ingressing on NNI ports only and terminating on this node

  • uniOnly for traffic ingressing on UNI ports only

name WORD<0-32>

Specifies an optional descriptive name for the ACL.

type <inVlan|inPort|outPort|inVsn>

Specifies the ACL type. The values inVlan, inPort, and inVsn are ingress ACLs, and outPort is an egress ACL.

A port-based ACL has precedence over a VLAN-based ACL.