ip access-list role-based
To create a role-based (security group) access control list (RBACL) and enter role-based ACL configuration
mode, use the ip access-list role-based command in global configuration mode. To remove the configuration,
use the no form of this command.
ip access-list role-based access-list-name
no ip access-list role-based access-list-name
Syntax Description
access-list-name    Name of the security group access control list (SGACL).
Command Default
Role-based ACLs are not configured.
Command Modes
Global configuration (config)
Command History
Release                        Modification
Cisco IOS XE Denali 16.3.1     This command was introduced.
Usage Guidelines
For SGACL logging, you must configure the permit ip log command. Also, this command must be configured
in Cisco Identity Services Engine (ISE) to enable logging for dynamic SGACLs.
Examples
The following example shows how to define an SGACL that can be applied to IPv4 traffic and enter role-based
access list configuration mode:
Switch(config)# ip access-list role-based rbacl1
Switch(config-rb-acl)# permit ip log
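Added example (not part of the Cisco command reference): a Python check that scans a saved configuration for locally defined role-based ACLs and lists those with no permit ip log entry. The configuration excerpt, the names rbacl2 and mgmt, and the function names are constructed for illustration, and the check assumes sub-mode lines are indented under their header; dynamic SGACLs are configured in ISE and are outside what this check reads.

```python
import re

# Constructed running-config excerpt (not from a real device). rbacl1 mirrors
# the page's example; rbacl2 and the extended ACL are assumptions for contrast.
SAMPLE_CONFIG = """\
hostname Switch
!
ip access-list role-based rbacl1
 permit ip log
!
ip access-list role-based rbacl2
 permit ip
ip access-list extended mgmt
 permit ip any any log
!
"""

HEADER = re.compile(r"^ip access-list role-based (\S+)\s*$")


def parse_sgacls(config_text):
    """Return {name: [entries]} for each locally defined role-based ACL."""
    sgacls, current = {}, None
    for line in config_text.splitlines():
        match = HEADER.match(line)
        if match:
            current = sgacls.setdefault(match.group(1), [])
        elif current is not None and line.startswith(" ") and line.strip():
            # Sub-mode entries are indented under their header (assumption).
            current.append(" ".join(line.split()))
        else:
            # Any unindented line ("!" or another command) closes the block.
            current = None
    return sgacls


def sgacls_without_logging(config_text):
    """Names of SGACLs that have no 'permit ip log' entry, sorted."""
    return sorted(
        name for name, entries in parse_sgacls(config_text).items()
        if "permit ip log" not in entries
    )


if __name__ == "__main__":
    for name in sgacls_without_logging(SAMPLE_CONFIG):
        print(f"{name}: no 'permit ip log' entry")
```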
Related Commands
Command                Description
permit ip log          Permits logging that matches the configured entry.
show ip access-list    Displays contents of all current IP access lists.
Command Reference, Cisco IOS XE Everest 16.5.1a (Catalyst 3650 Switches)