Associates a captive-portal, access control list (IPv4, IPv6, or MAC), and/or a URL filter with this bridge VLAN

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000


use [application-policy|captive-portal|ip-access-list|ipv6-access-list|mac-access-list|
use application-policy <APP-POLICY-NAME>
use captive-portal <CAPTIVE-PORTAL-NAME>
use [ip-access-list|ipv6-access-list|mac-access-list] tunnel out <IP/ipv6/MAC-ACCESS-LIST-NAME>
use url-filter <URL-FILTER-NAME>
use purview-application-policy <PURVIEW-APP-POLICY-NAME>


use application-policy <APP-POLICY-NAME>
use application-policy <APP-POLICY-NAME> Enforces application detection on this VLAN bridge
  • <APP-POLICY-NAME> – Specify the application policy name (should be existing and configured).
  • For more information on application definitions and application policy, see application and application-policy.
use captive-portal <CAPTIVE-PORTAL-NAME>
use captive-portal Applies an existing captive portal configuration to restrict access to the bridge VLAN configuration

A captive portal is an access policy for providing temporary and restrictive access using a standard Web browser. Captive portals provide authenticated access by capturing and re-directing a wireless user's Web browser session to a captive portal login page where the user must enter valid credentials to access to the network. Once logged into the captive portal, additional terms and agreement, welcome, fail, and no-service pages provide the administrator with a number of options on captive portal screen flow and user appearance.

  • <CAPTIVE-PORTAL-NAME> – Specify the captive portal name.
use [ip-access-list|ipv6-access-list|mac-access-list] tunnel out <IP/IPv6/MAC-ACCESS-LIST-NAME>
use Sets this VLAN bridge policy to use an IPv4/IPv6 access list or a MAC access list
ip-access-list Associates a pre-configured IPv4 access list with this VLAN-bridge interface
ipv6-access-list Associates a pre-configured IPv6 access list with this VLAN-bridge interface
mac-access-list Associates a pre-configured MAC access list with this VLAN- bridge interface
tunnel out <IP/IPv6/MAC-ACCESS-LIST-NAME> The following keywords are common to the ‘IPv4/IPv6 access list‘ and ‘MAC access list‘ parameters:
  • tunnel – Applies IPv4/IPv6 access list or MAC access list to all packets going into the tunnel
    • out – Applies IPv4/IPv6 access list or MAC access list to all outgoing packets
      • <IP/IPv6/MAC-ACCESS-LIST-NAME> – Specify the IP/IPv6 access list or MAC access list name.
use url-filter <URL-FILTER-NAME>
use url-filter Sets this VLAN bridge to use a URL filter
<URL-FILTER-NAME> Specify the URL filter name. It should be existing and configured.

This option enforces URL filtering on the VLAN bridge.

use purview-application-policy <PURVIEW-APP-POLICY-NAME>
use purview-application-policy <PURVIEW-APP-POLICY-NAME> Enforces application detection on this VLAN bridge


nx9500-6C8809(config-profile-default-rfs4000-bridge-vlan-1)#use mac-access-list tunnel out PERMIT-ARP-AND-IPv4

nx9500-6C8809(config-profile-default-rfs4000-bridge-vlan-1)#show context
 bridge vlan 1
  ip igmp snooping
  ip igmp snooping querier
  use mac-access-list tunnel out PERMIT-ARP-AND-IPv4

Related Commands

no Disables or reverts VLAN Ethernet bridge settings