Deployment Guide
Command History
Version Description
9.9(0.0) Introduced on the FN IOM.
8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
ip access-group
Apply an egress IP ACL to an interface.
Syntax
ip access-group access-list-name {in | out} [implicit-permit] [vlan vlan-id]
[layer3]
Parameters
access-list-name Enter the name of a congured access list, up to 140 characters.
in Enter the keyword in to apply the ACL to incoming trac.
out Enter the keyword out to apply the ACL to the outgoing trac.
implicit-permit (OPTIONAL) Enter the keyword implicit-permit to change the default action of the
ACL from implicit-deny to implicit-permit (that is, if the trac does not match the lters
in the ACL, the trac is permitted instead of dropped).
vlan vlan-id (OPTIONAL) Enter the keyword vlan then the ID numbers of the VLANs.
layer3 (OPTIONAL) Enter the keyword layer3 to enable layer 3 mode. It ensures that all the ACL
rules in the access-group are applied only for L3 router packets.
Defaults Not enabled..
Command Modes INTERFACE
Supported Modes Full–Switch
Command History
Version Description
9.9(0.0) Introduced on the FN IOM.
8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module platform.
Usage Information You can assign one ACL (standard or extended ACL) to an interface..
NOTE: This command is
not
supported on the FN IOMSwitch Loopback interfaces.
NOTE: If outbound(egress) IP ACL is applied on switch port, lter will be applied only for routed trac
egressing out of that port.
Related Commands
ip access-list standard — congures a standard ACL.
ip access-list extended — congures an extended ACL.
Access Control Lists (ACL) 153