Creating and applying ACLs
Create an ACL composed of one or more access control entries (ACEs) ordered and prioritized by sequence. Then, apply the ACL on an interface.
Prerequisites
You must be in the global configuration context:
switch(config)#
Determine the following for each ACL:
- Do you want to permit or deny traffic flow?
- What matching criteria do you want to define in the ACEs?
- On which interface do you want to apply the ACL?
- Do you want to specify filtering on inbound or outbound packets?
NOTE:
Egress ACLs of any type (IPv4, IPv6, or MAC) are not supported on Layer 2 interfaces. Egress ACLs can only be applied to Layer 3 (route-only) interfaces. Applying an egress ACL to a Layer 2 interface results in an error.
Procedure
Configuring and applying an ACL
switch(config)# access-list ip MY_IP_ACL
switch(config-acl-ip)# 10 permit udp any 172.16.1.0/24
switch(config-acl-ip)# 20 permit tcp 172.16.2.0/16 lt 1023 any
switch(config-acl-ip)# 30 permit tcp 172.26.1.0/24 any syn ack dscp 10
switch(config-acl-ip)# 40 deny any any any count
switch(config-acl-ip)# exit
switch(config)# interface 1/1/2
switch(config-if)# apply access-list ip MY_IP_ACL in
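The following Python model is an added example, not part of the original documentation or of the switch software. It evaluates the four MY_IP_ACL entries in ascending sequence order, with the first matching entry deciding the action, so a planned ACL can be checked against sample packets before it is applied. Assumptions: the packet dictionary layout is hypothetical, only the fields these four entries use are modeled, host bits in 172.16.2.0/16 are masked off, and `syn ack` requires both flags to be set.

```python
import ipaddress

# Constructed input: the page's four ACEs, listed out of order on purpose.
ACL_TEXT = """\
40 deny any any any count
20 permit tcp 172.16.2.0/16 lt 1023 any
10 permit udp any 172.16.1.0/24
30 permit tcp 172.26.1.0/24 any syn ack dscp 10
"""
OPS = {"lt": lambda a, b: a < b, "gt": lambda a, b: a > b, "eq": lambda a, b: a == b}
FLAGS = {"syn", "ack", "fin", "rst", "psh", "urg"}

def net(tok):
    # Assumption of this model: host bits are masked, so 172.16.2.0/16 -> 172.16.0.0/16.
    return ipaddress.ip_network("0.0.0.0/0" if tok == "any" else tok, strict=False)

def parse_ace(line):
    t = line.split()
    ace = {"seq": int(t[0]), "action": t[1], "proto": t[2], "src": net(t[3]),
           "sport": None, "dscp": None}
    i = 4
    if t[i] in OPS:                       # optional source-port comparison
        ace["sport"] = (t[i], int(t[i + 1]))
        i += 2
    ace["dst"] = net(t[i])
    rest = t[i + 1:]                      # TCP flags, dscp N, count
    ace["flags"] = FLAGS & set(rest)
    if "dscp" in rest:
        ace["dscp"] = int(rest[rest.index("dscp") + 1])
    return ace

def matches(ace, pkt):
    # pkt is a hypothetical dict: proto, src, dst, optional sport, flags, dscp.
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    if ace["proto"] not in ("any", pkt["proto"]) or src not in ace["src"] or dst not in ace["dst"]:
        return False
    if ace["sport"]:
        op, port = ace["sport"]
        if "sport" not in pkt or not OPS[op](pkt["sport"], port):
            return False
    if not ace["flags"] <= set(pkt.get("flags", ())):
        return False
    return ace["dscp"] is None or ace["dscp"] == pkt.get("dscp")

def evaluate(acl_text, pkt):
    """Return (sequence, action) of the first matching ACE, or None."""
    aces = sorted(map(parse_ace, acl_text.strip().splitlines()), key=lambda a: a["seq"])
    return next(((a["seq"], a["action"]) for a in aces if matches(a, pkt)), None)
```

Because entry 40 matches everything, any packet that entries 10 through 30 do not permit is denied and counted there.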