Reference Guide
Access Control Lists (ACL) | 115
ip access-group
s z
Assign an IP access list (IP ACL) to an interface.
Syntax
ip access-group access-list-name {in | out} [implicit-permit] [vlan vlan-id]
To delete an IP access-group configuration, use the no ip access-group access-list-name {in |
out} [implicit-permit] [vlan vlan-id] command.
Parameters
Defaults
Not enabled.
Command Modes
INTERFACE
Command
History
Usage
Information
You can assign one ACL (standard or extended ACL) to an interface.
Related
Commands
ip control-plane egress-filter
z
Enable egress Layer 3 ACL lookup for IPv4 CPU traffic
Syntax
ip control-plane egress-filter
Defaults
Not enabled.
Command Modes
EXEC Privilege
S6000
access-list-name
Enter the name of a configured access list, up to 140 characters.
in Enter the keyword in to apply the ACL to incoming traffic.
out Enter the keyword out to apply the ACL to outgoing traffic.
implicit-permit (OPTIONAL) Enter the keyword implicit-permit to change the default action
of the ACL from implicit-deny to implicit-permit (that is, if the traffic does not
match the filters in the ACL, the traffic is permitted instead of dropped).
vlan vlan-id (OPTIONAL) Enter the keyword vlan followed by the ID numbers of the
VLANs.
Range: 1 to 4094, 1-2094 for ExaScale (can used IDs 1-4094)
Version 9.0.2.0 Introduced on S6000.
Version 8.3.11.1 Introduced on the Z9000.
Version 7.6.1.0 Introduced on S-Series.
pre-Version 6.2.1.1 Introduced
Note: This command is supported on the loopback interfaces of EE3, and EF series RPMs. It
is not supported on loopback interfaces ED series RPM, or on S-Series loopback interfaces.
Note: If outbound (egress) IP acl is applied on switch port, filter will be applied only for
routed traffic egressing out of that port.
ip access-list standard Configure a standard ACL.
ip access-list extended Configure an extended ACL.
S6000