ip access-group
Applies rules specified in an IPv4 access control list (ACL) to traffic entering or exiting an interface.
Syntax
ip access-group ACLname { in | out }
no ip access-group ACLname { in | out }
Parameters
- ACLname: Specifies the name of the standard or extended IPv4 access list.
- in: Applies the ACL to incoming switched and routed traffic.
- out: Applies the ACL to outgoing routed and (for SLX 9150 and SLX 9250 devices) also to switched traffic.
Modes
Interface subtype configuration mode
Usage Guidelines
Use this command to apply an IPv4 ACL to one of the following interface types:
- User interfaces
- Physical Ethernet interfaces
- Port-channels (LAGs)
- Virtual Ethernet (VE) (attached to a VLAN or to a bridge domain)
- The management interface
You can apply a maximum of five ACLs to a user interface, as follows:
- One ingress MAC ACL—if the interface is in switchport mode
- One egress MAC ACL—if the interface is in switchport mode
- One ingress IPv4 ACL
- One egress IPv4 ACL
- One ingress IPv6 ACL
You can apply a maximum of two ACLs to the management interface, as follows:
- One ingress IPv4 ACL
- One ingress IPv6 ACL
You can apply an ACL to multiple interfaces, and you can apply the same ACL twice (ingress and egress) to a given user interface.
To remove an ACL from an interface, enter the no form of this command.
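The per-interface limits above can be checked offline before a configuration is pushed. The following Python script is an added example, not part of the original reference; the stanza layout, the `mac access-group` and `ipv6 access-group` command forms, the `Management 0` interface name and every ACL name other than `ipacl2` are assumptions.

```python
import re

# Slots the usage guidelines allow, as (family, direction). There is no egress IPv6 slot.
USER_SLOTS = {("mac", "in"), ("mac", "out"), ("ip", "in"), ("ip", "out"), ("ipv6", "in")}
MGMT_SLOTS = {("ip", "in"), ("ipv6", "in")}
# Assumed layout: an "interface ..." header followed by indented lines.
STANZA_RE = re.compile(r"^interface[ \t]+(.+)\n?((?:[ \t]+.*\n?)*)", re.M | re.I)
# "ip access-group" is from this page; the mac/ipv6 forms are assumed analogues.
BIND_RE = re.compile(r"^(mac|ip|ipv6)\s+access-group\s+(\S+)\s+(in|out)$")

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
interface Ethernet 0/2
 switchport
 mac access-group macacl1 in
 ip access-group ipacl2 in
 ip access-group ipacl2 out
!
interface Ethernet 0/3
 ip access-group ipacl2 in
 ip access-group ipacl9 in
 ipv6 access-group v6acl1 out
 mac access-group macacl1 in
!
interface Management 0
 ip access-group mgmtacl in
 ip access-group mgmtacl out
"""

def audit(text):
    """Return (interface, problem) tuples for bindings that break the documented limits."""
    findings = []
    for m in STANZA_RE.finditer(text):
        iface = m.group(1).strip().lower()
        lines = [l.strip().lower() for l in m.group(2).splitlines()]
        allowed = MGMT_SLOTS if iface.startswith("management") else USER_SLOTS
        used = {}
        for b in filter(None, map(BIND_RE.match, lines)):
            fam, name, direction = b.groups()
            if (fam, direction) not in allowed:
                findings.append((iface, f"{fam} {direction} ACL not allowed here: {name}"))
            elif fam == "mac" and not any(l.startswith("switchport") for l in lines):
                findings.append((iface, f"MAC ACL {name} requires switchport mode"))
            elif (fam, direction) in used:
                findings.append((iface, f"second {fam} {direction} ACL: {name}"))
            used.setdefault((fam, direction), name)
    return findings

for iface, problem in audit(SAMPLE):
    print(f"{iface}: {problem}")
```

Ethernet 0/2 passes because one ACL bound in both directions is permitted; the other two stanzas each violate a documented limit.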
Examples
The following example applies an ingress IP ACL on an Ethernet interface:
device(config)# interface ethernet 0/2
device(conf-if-eth-0/2)# ip access-group ipacl2 in
The following example removes an ingress IP ACL from an Ethernet interface:
device(config)# interface ethernet 0/2
device(conf-if-eth-0/2)# no ip access-group ipacl2 in