Applying a Layer 3 ACL to a physical interface

Use this procedure for applying an IPv4 or IPv6 ACL to a physical interface, using the ip/ipv6 access-group command.

  1. Enter configure terminal to change to global configuration mode.
    device# configure terminal
    
  2. Enter the interface ethernet command, specifying the port number.
    device(config)# interface ethernet 0/2
    
  3. Enter the ip/ipv6 access-group command, specifying the ACL that you are applying to the interface.
    • For IPv4 ACLs, specify the ingress or egress direction.
      device(conf-if-eth-0/2)# ip access-group test_02 out
    • For IPv6 ACLs, specify the ingress direction.
      device(conf-if-eth-0/2)# ipv6 access-group stdV6ACL_1 in
  4. Enter the ip/ipv6 access-group command, specifying the ACL that you are applying to the interface.
    • For IPv4 ACLs, specify the ingress or egress direction.
      device(conf-if-eth-0/2)# ip access-group test_02 out
    • For IPv6 ACLs, specify the ingress direction.
      device(conf-if-eth-0/2)# ipv6 access-group stdV6ACL_1 in
The following example applies an IPv4 ACL to a physical interface.
device# configure
device(config)# interface ethernet 0/2
device(conf-if-eth-0/9)# ip access-group ipacl2 in
The following example applies an IPv6 ACL to a physical interface.
device# configure
device(config)# interface ethernet 0/2
device(conf-if-eth-0/2)# ipv6 access-group ip_acl_1 in

device(conf-if-eth-0/2)# do show access-list ipv6 ip_acl_1 in
ipv6 access-list ip_acl_1 on ethernet 0/22 at Ingress (From User)
    seq 10 deny ipv6 2001:2002:1234:1::/64 2001:1001:1234:1::/64 count (Active)