Applying, replacing, or removing ACLs in the interface configuration context
Apply an ACL to the current interface context. Individual front plane ports or Link Aggregation Groups (LAGs) are valid interfaces for applying ACLs. Only one direction (for example, inbound) and type (for example, IPv4) of ACL can be applied to an interface at a time. IPv6 and MAC ACLs can only be applied to inbound traffic. Also use this command to replace or remove an ACL from a specific interface.
You must be in the interface configuration context (config-if) or the interface LAG configuration context (config-lag-if).
apply access-list {ip|ipv6|mac} <ACL-NAME> {in|out}
Specify the type of ACL, the name of the applicable ACL, and whether to apply to inbound (ingress) or outbound (egress) traffic.
Use the no form of the command for removing an ACL.
Applying MY_MAC_ACL to ingress traffic on interface 1/1/1 and ingress traffic on interface 1/1/2:
switch(config)# interface 1/1/1
switch(config-if)# apply access-list mac MY_MAC_ACL in
switch(config-if)# exit
switch(config)# interface 1/1/2
switch(config-if)# apply access-list mac MY_MAC_ACL in
switch(config-if)# exit
switch(config)#
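The following change-review check is an added example, not part of the original documentation or the vendor's tooling. It reads a pasted configuration session and reports applies that break the rules stated above (IPv6 and MAC ACLs inbound only) or that silently replace an ACL already bound to the same interface, type, and direction. The function name, the sample session, the ACL names other than MY_MAC_ACL, and the assumption that the no form is the same command prefixed with no are all choices made for this example.

```python
import re

# Rules from the text above: IPv6 and MAC ACLs are inbound-only, and an interface
# holds one ACL per type and direction, so a second apply replaces the first.
INBOUND_ONLY = {"ipv6", "mac"}
PROMPT_RE = re.compile(r"^\S+\(config[^)]*\)#\s*")  # pasted CLI prompt
IFACE_RE = re.compile(r"^interface\s+(\S.*)$")
APPLY_RE = re.compile(r"^(no\s+)?apply access-list (ip|ipv6|mac) (\S+) (in|out)$")

# Constructed sample session; ACL names other than MY_MAC_ACL are made up.
SAMPLE = """\
switch(config)# interface 1/1/1
switch(config-if)# apply access-list mac MY_MAC_ACL in
switch(config-if)# apply access-list ip EDGE_V4 in
switch(config-if)# apply access-list ip EDGE_V4_NEW in
switch(config-if)# exit
switch(config)# interface lag 10
switch(config-lag-if)# apply access-list ipv6 EDGE_V6 out
switch(config-lag-if)# no apply access-list mac MY_MAC_ACL in
"""


def audit_acl_bindings(text):
    """Return (bindings, findings); bindings maps (interface, type, direction) to ACL name."""
    bindings, findings, iface = {}, [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = PROMPT_RE.sub("", raw.strip())
        if line == "exit":
            iface = None
        elif (m := IFACE_RE.match(line)):
            iface = m.group(1)
        elif (m := APPLY_RE.match(line)):
            negate, acl_type, name, direction = m.groups()
            key = (iface, acl_type, direction)
            if iface is None:
                findings.append(f"line {n}: apply access-list outside an interface context")
            elif negate:  # assumed removal form: "no apply access-list ..."
                if bindings.pop(key, None) is None:
                    findings.append(f"line {n}: no ACL of that type/direction applied on {iface}")
            elif acl_type in INBOUND_ONLY and direction == "out":
                findings.append(f"line {n}: {acl_type} ACLs can only be applied inbound")
            else:
                if key in bindings and bindings[key] != name:
                    findings.append(f"line {n}: {name} replaces {bindings[key]} on {iface}")
                bindings[key] = name
    return bindings, findings

if __name__ == "__main__":
    print(*audit_acl_bindings(SAMPLE)[1], sep="\n")
```

Run against the documentation's own two-interface session, the check returns no findings and two MY_MAC_ACL inbound bindings.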