Concept Guide
specify (ipv4 or ipv6), the ACL processes either IPv4 or IPv6 rules, but not both. Using this conguration, you
can set up two dierent types of access classes with each class processing either IPv4 or IPv6 rules separately.
However, if you already have congured generic IP ACL on a terminal line, then you cannot further apply IPv4 or
IPv6 specic ltering on top of this conguration. Because, both IPv4 and IPv6 access classes are already
congured on this terminal line. Before applying either IPv4 or IPv6 ltering, you must rst undo the generic
conguration using the
no access-class access-list-name command.
Similarly, if you have congured either IPv4 or IPv6 specic ltering on a terminal line, you cannot apply generic IP
ACLs on top of this conguration. Before applying the generic ACL conguration, you must rst undo the existing
conguration using the no access-class access-list-name [ipv4 | ipv6] command.
clear counters ip access-group
Erase all counters maintained for access lists.
Syntax
clear counters ip access-group [access-list-name]
Parameters
access-list-name (OPTIONAL) Enter the name of a congured access-list, up to 140 characters.
Command Modes EXEC Privilege
Supported Modes Full–Switch
Command History
Version Description
9.9(0.0) Introduced on the FN IOM.
8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
ip access-group
Apply an egress IP ACL to an interface.
Syntax
ip access-group access-list-name {in | out} [implicit-permit] [vlan vlan-id]
[layer3]
Parameters
access-list-name Enter the name of a congured access list, up to 140 characters.
in Enter the keyword in to apply the ACL to incoming trac.
out Enter the keyword out to apply the ACL to the outgoing trac.
implicit-permit (OPTIONAL) Enter the keyword implicit-permit to change the default action of the
ACL from implicit-deny to implicit-permit (that is, if the trac does not match the lters
in the ACL, the trac is permitted instead of dropped).
vlan vlan-id (OPTIONAL) Enter the keyword vlan then the ID numbers of the VLANs.
layer3 (OPTIONAL) Enter the keyword layer3 to enable layer 3 mode. It ensures that all the ACL
rules in the access-group are applied only for L3 router packets.
Defaults Not enabled..
Command Modes INTERFACE
156 Access Control Lists (ACL)