use

interface-config-ge-instance

Specifies the IP (IPv4 and IPv6) access list and MAC access list used with this Ethernet port. The associated ACL firewall inspects IP and MAC traffic flows and detects attacks typically not visible to traditional wired firewall appliances.

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

use [ip-access-list in <IPv4-ACCESS-LIST-NAME>|ipv6-access-list <IPv6-ACCESS-LIST-NAME>|
mac-access-list in <MAC-ACCESS-LIST-NAME>]

Parameters

use [ip-access-list in <IPv4-ACCESS-LIST-NAME>|ipv6-access-list <IPv6-ACCESS-LIST-NAME>|
mac-access-list in <MAC-ACCESS-LIST-NAME>]
ip-access-list in <IPv4-ACCESS-LIST-NAME> Associates an IPv4 access list with this Ethernet port. IPv4 is a connectionless protocol for packet switched networking. IPv4 operates as a best effort delivery method, as it does not guarantee delivery, and does not ensure proper sequencing or duplicate delivery (unlike (TCP). IPv4 hosts can use link local addressing to provide local connectivity.
  • in – Applies the IPv4 ACL on incoming packets
    • <IPv4-ACCESS-LIST-NAME> – Specify the IPv4 access list name (it should be an existing and configured).
ipv6-access-list in <IPv6-ACCESS-LIST-NAME> Associates an IPv6 access list with this Ethernet port. IPv6 is the latest revision of the IP designed to replace IPv4. IPV6 provides enhanced identification and location information for computers on networks routing traffic across the Internet. IPv6 addresses are composed of eight groups of four hexadecimal digits separated by colons.
  • in – Applies the IPv6 ACL on incoming packets
    • <IPv6-ACCESS-LIST-NAME> – Specify the IPv6 access list name (it should be an existing and configured).
mac-access-list in <MAC-ACCESS-LIST-NAME> Associates a MAC access list with this Ethernet port. MAC ACLs filter/mark packets based on the MAC address from which they arrive, as opposed to filtering packets on layer 2 ports.
  • in – Applies the MAC ACL on incoming packets
    • <MAC-ACCESS-LIST-NAME> – Specify the MAC access list name (it should be an existing and configured).

Example

nx9500-6C8809(config-profile-default-rfs4000-if-ge1)#use mac-access-list in test

nx9500-6C8809(config-profile-default-rfs4000-if-ge1)#use ip-access-list in test

nx9500-6C8809(config-profile-default-rfs4000-if-ge1)#show context
 interface ge1
  description "This is GigabitEthernet interface for Royal King"
  speed 10
  duplex full
  switchport mode accessi
  switchport access vlan 1
  use ip-access-list in test
  use mac-access-list in test
  spanning-tree bpduguard enable
  spanning-tree bpdufilter disable
  spanning-tree force-version 1
--More--
nx9500-6C8809(config-profile-default-rfs4000-if-ge1)#

Related Commands

no Disassociates the IP access list or MAC access list from the interface