Users Guide
ip access-group (ACL VLAN Group)
Apply an egress IP ACL to the ACL VLAN group.
C9000 Series
Syntax
ip access-group access-list-name out implicit-permit
Parameters
access-list-name
Enter the name of the egress IP ACL to be applied to member interfaces of the
VLAN group (140 characters maximum).
out Enter the keyword out to apply the ACL to outgoing traffic.
implicit-permit
Enter the keyword implicit-permit to change the default action of the ACL
from implicit-deny to implicit-permit (that is, if the traffic does not match the
filters in the ACL, the traffic is permitted instead of dropped).
Default None
Command Modes ACL-VLAN-GROUP CONFIGURATION (conf-acl-vl-grp)
Command
History
Version Description
9.9(0.0) Introduced on the C9010.
9.5(0.0) Introduced on the Z9500.
9.3(0.0) Introduced on the S4810, S4820T, and Z9000.
Usage
Information
You can apply only an egress IP ACL on an ACL VLAN group.
member vlan (ACL VLAN Group)
Add VLAN members to an ACL VLAN group.
C9000 Series
Syntax
member vlan {VLAN-range}
Parameters
VLAN-range
Enter the member VLANs using comma-separated VLAN IDs, a range of VLAN IDs,
a single VLAN ID, or a combination. For example:
Comma-separated: 3, 4, 6
Range: 5-10
Combination: 3, 4, 5-10, 8
Default None
Command Modes ACL-VLAN-GROUP CONFIGURATION (conf-acl-vl-grp)
Command
History
Version Description
9.9(0.0) Introduced on the C9010.
9.5(0.0) Introduced on the Z9500.
9.3(0.0) Introduced on the S4810, S4820T, and Z9000.
Usage
Information
At a maximum, there can be only 32 VLAN members in all ACL VLAN groups. A VLAN can belong to only
one ACL VLAN group at a time.
248 Access Control Lists (ACL)