ip receive access-group

Applies an IPv4 access control list (ACL) at global configuration level. Such receive-path ACLs filter incoming route-processor traffic according to rules that you create, but do not filter data-path traffic.

Syntax

ip receive access-group acl-name
ip receive access-group acl-name sequence seq-number
no ip receive access-group acl-name

Command Default

No receive-path ACLs are applied.

Parameters

acl-name
Specifies the name of the standard or extended IP access list.
sequence seq-number
Specifies the sequence number of the receive-path ACL (rACL) you are applying, which sets its priority relative to other applied rACLs. Values range from 1 through 2047.

Modes

Global configuration mode

Usage Guidelines

You create interface ACLs and receive-path ACLs with identical commands, and you define their permit, deny, and hard-drop rules with identical commands. The only difference is the command you use to apply the ACL:
  • To apply an interface ACL—from an interface-subtype configuration mode—you use the { ip | ipv6 | mac } access-group command.
  • To apply a receive-path ACL—from global configuration mode—you use the { ip | ipv6 } receive access-group command.
You can apply a maximum of 400 receive-path ACLs to a device, as follows:
  • 200 IPv4 receive-path ACLs
  • 200 IPv6 receive-path ACLs

To remove a receive-path ACL, enter the no form of this command.

Examples

The following example creates an IPv4 extended ACL, defines rules in the ACL, and applies it as a receive-path ACL.

device(config)# ip access-list extended ipv4-receive-acl-example
device(conf-ipacl-ext)# hard-drop tcp host 10.0.0.1 any count 
device(conf-ipacl-ext)# hard-drop udp any host 20.0.0.1 count 
device(conf-ipacl-ext)# permit tcp host 10.0.0.2 any eq telnet count 
device(conf-ipacl-ext)# permit tcp host 10.0.0.2 any eq bgp count 

device(conf-ipacl-ext)# exit
device(config)# ip receive access-group ipv4-receive-acl-example

The following example creates two IPv4 extended ACLs, defines rules in the ACLs, and applies them as receive-path ACLs—specifying the priority of each ACL.

device# configure terminal
device(config)# ip access-list extended test-racl-1
device(conf-ipacl-ext)# deny ip 2.2.2.2/32 1.1.1.1/32
device(conf-ipacl-ext)# exit
device(config)# ip access-list extended test-racl-2
device(conf-ipacl-ext)# permit ip 2.2.2.2/32 any
device(conf-ipacl-ext)# exit

device(config)# ip receive access-group test-racl-1 sequence 10
device(config)# ip receive access-group test-racl-2 sequence 20
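
The sequence range and the 200-ACL IPv4 limit described above can be checked offline before a change is pushed. The following Python script is an added example, not part of the vendor documentation: it assumes the configuration is available as plain text with one command per line and no CLI prompts, and the function name audit_racl and the ACL name mgmt-racl are hypothetical.

```python
import re

SEQ_MIN, SEQ_MAX = 1, 2047   # sequence range given under Parameters
MAX_IPV4_RACLS = 200         # IPv4 receive-path ACL limit given under Usage Guidelines
ACL_DEF = re.compile(r"^ip access-list (?:standard|extended) (\S+)$")
# "seq" is accepted as well because the page's second example abbreviates it.
RACL_APPLY = re.compile(r"^ip receive access-group (\S+)(?: seq(?:uence)? (\d+))?$")

def audit_racl(config_text):
    """Return findings for the IPv4 receive-path ACL bindings in a config."""
    defined, applied, findings = set(), [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := ACL_DEF.match(line):
            defined.add(m.group(1))
        elif m := RACL_APPLY.match(line):
            applied.append((m.group(1), int(m.group(2)) if m.group(2) else None))
    if not applied:
        return ["no IPv4 receive-path ACL applied (the command default)"]
    seq_owner = {}
    for name, seq in applied:
        if name not in defined:
            findings.append(f"{name}: applied but not defined")
        if seq is None:
            continue
        if not SEQ_MIN <= seq <= SEQ_MAX:
            findings.append(f"{name}: sequence {seq} outside {SEQ_MIN}-{SEQ_MAX}")
        # Assumption: a shared sequence merits review; the page does not say how the device treats it.
        if seq in seq_owner:
            findings.append(f"{name}: sequence {seq} also used by {seq_owner[seq]}")
        seq_owner.setdefault(seq, name)
    if len(applied) > MAX_IPV4_RACLS:
        findings.append(f"{len(applied)} IPv4 receive-path ACLs exceed the limit of {MAX_IPV4_RACLS}")
    return findings

# Constructed sample configuration (not from a real device).
SAMPLE = """\
ip access-list extended test-racl-1
 deny ip 2.2.2.2/32 1.1.1.1/32
ip access-list extended test-racl-2
 permit ip 2.2.2.2/32 any
ip receive access-group test-racl-1 sequence 10
ip receive access-group test-racl-2 sequence 10
ip receive access-group mgmt-racl sequence 4000
"""

if __name__ == "__main__":
    for finding in audit_racl(SAMPLE):
        print(finding)
```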