Applying ACL Policy Files

A policy file intended to be used as an ACL is applied to a port, VLAN, or to all interfaces (the any keyword). Use the name of the policy file for the aclname parameter in the CLI command. To apply an ACL policy, use the following command:

configure access-list aclname [any | ports portlist | vlan vlanname] {ingress | egress}

If you use the any keyword, the ACL is applied to all the interfaces and is referred to as the wildcard ACL. This ACL is evaluated for any ports without specific ACLs, and it is also applied to any packets that do not match the specific ACLs applied to the interfaces.

If an ACL is already configured on an interface, the command will be rejected and an error message displayed.

To remove an ACL from an interface, use the following command:

unconfigure access-list aclname [any | ports portlist | vlan vlanname] {ingress | egress}

To display which interfaces have ACLs configured, and which ACL is on which interface, use the following command:

show access-list aclname [any | ports portlist | vlan vlanname] {ingress | egress}
Note

Note

If an ACL needs to be installed for traffic that is L3 routed, and the ingress/egress ports are on different packet-processing units or different slots, and any of the following features are enabled, we recommend that you install the policy on a per-port basis rather than applying it as a wildcard, or VLAN-based ACL.
  • This command is available on all Universal switches supported in this document.
  • PVLAN
  • Multiport-FDB