Filtering routed IPv4 traffic
For a given VLAN interface on a switch configured for routing, you can assign an ACL as an RACL to filter inbound IPv4 traffic and another ACL as a RACL to filter outbound IPv4 traffic. You can also assign one ACL for both inbound and outbound RACLs, and for assignment to multiple VLANs. For limits and operating rules, see IPv4 ACL configuration and operating rules.
Syntax
[no] vlan <vid> ip access-group <identifier> <in out>
where: <identifier> =either a ACL name or an ACL ID number.
Assigns an ACL to a VLAN as an RACL to filter routed IPv4 traffic
entering or leaving the switch on that VLAN. You can use either the
global configuration level or the VLAN context level to assign or
remove an RACL.
Note: The switch allows you to assign a nonexistent ACL name
or number to a VLAN. In this case, if you subsequently configure an
ACL with that name or number, it automatically becomes active on the
assigned VLAN. Also, if you delete an assigned ACL from the switch
without subsequently using the "no"
form of this command to remove the assignment to a VLAN, the ACL assignment
remains and automatically activates any new ACL you create with the
same identifier (name or number).