Administrator Guide
ip access-group (ACL VLAN Group)
Apply an egress IP ACL to the ACL VLAN group.
C9000 Series
Syntax
ip access-group access-list-name out implicit-permit
Parameters
access-list-name
Enter the name of the egress IP ACL to be applied to member interfaces of the VLAN
group (140 characters maximum).
out Enter the keyword out to apply the ACL to outgoing traffic.
implicit-permit
Enter the keyword implicit-permit to change the default action of the ACL from
implicit-deny to implicit-permit (that is, if the traffic does not match the filters in the ACL,
the traffic is permitted instead of dropped).
Default None
Command Modes ACL-VLAN-GROUP CONFIGURATION (conf-acl-vl-grp)
Command History
Version Description
9.9(0.0) Introduced on the C9010.
9.5(0.0) Introduced on the Z9500.
9.3(0.0) Introduced on the S4810, S4820T, and Z9000.
Usage Information You can apply only an egress IP ACL on an ACL VLAN group.
member vlan (ACL VLAN Group)
Add VLAN members to an ACL VLAN group.
C9000 Series
Syntax
member vlan {VLAN-range}
Parameters
VLAN-range
Enter the member VLANs using comma-separated VLAN IDs, a range of VLAN IDs, a
single VLAN ID, or a combination. For example:
Comma-separated: 3, 4, 6
Range: 5-10
Combination: 3, 4, 5-10, 8
Default None
Command Modes ACL-VLAN-GROUP CONFIGURATION (conf-acl-vl-grp)
Command History
Version Description
9.9(0.0) Introduced on the C9010.
9.5(0.0) Introduced on the Z9500.
9.3(0.0) Introduced on the S4810, S4820T, and Z9000.
Usage Information At a maximum, there can be only 32 VLAN members in all ACL VLAN groups. A VLAN can belong to only one ACL
VLAN group at a time.
You can create an ACL VLAN group and attach the ACL with the VLAN members. The optimization is applicable
only when you create an ACL VLAN group. If you apply an ACL separately on the VLAN interface, each ACL has a
mapping with the VLAN and increased CAM space utilization occurs.
Access Control Lists (ACL) 245