Specifications
SSR Command Line Interface Reference Manual 37
acl apply interface
acl apply interface
Purpose
Apply an ACL to an interface.
Format
acl <name> apply interface <InterfaceName> input|output
[logging on|off|deny-only|permit-only] [policy local|external]
Mode
Configure
Description
The acl apply interface command applies a previously defined ACL to an interface.
When you apply an ACL to an interface, you implicitly enable access control on that
interface. You can apply an ACL to filter out inbound traffic, outbound traffic, or both
inbound and outbound traffic. Inbound traffic is packets coming into the interface while
outbound traffic is packets going out of that interface.
When you apply an ACL, you also can enable ACL Logging by using the logging
keyword. When you enable ACL Logging on an interface, the SSR displays ACL Logging
messages on the console. The ACL log provides information such as the interface name,
the ACL name, whether the packet is forwarded or not, and the internal details of the
packet.
You can also specify if the ACL is allowed to be modified or removed from the interface
by an external agent (such as a policy manager application) by using the policy keyword.
If you do not specify the policy keyword, an external agent is allowed to modify or
remove the applied ACL. Note that the acl-policy enable external command must be in
the configuration before an external agent can modify or remove an applied ACL.
Parameters
<name> Name of the ACL. The ACL must already be defined. To define an ACL,
use one of the commands described in other sections in this chapter.
<InterfaceName> Name of the interface to which you are applying the ACL.