Cisco Nexus 5500 Series NX-OS Security Command Reference
OL-27883-02
Chapter I Commands
ip access-group
To apply an IPv4 access control list (ACL) to a Layer 3 interface as a router ACL, use the ip
access-group command. To remove an IPv4 ACL from an interface, use the no form of this command.
ip access-group access-list-name in
no ip access-group access-list-name in
Syntax Description
access-list-name    Name of the IPv4 ACL, which can be up to 64 alphanumeric, case-sensitive characters.
in                  Specifies that the ACL applies to inbound traffic.

Command Default
None

Command Modes
Interface configuration mode
Subinterface configuration mode

Command History
Release         Modification
5.2(1)N1(1)     This command was introduced.

Usage Guidelines
By default, no IPv4 ACLs are applied to a Layer 3 routed interface.
You can use the ip access-group command to apply an IPv4 ACL as a router ACL to the following
interface types:
• VLAN interfaces
• Layer 3 Ethernet interfaces
• Layer 3 Ethernet subinterfaces
• Layer 3 Ethernet port-channel interfaces and subinterfaces
• Loopback interfaces
• Management interfaces
You can also use the ip access-group command to apply an IPv4 ACL as a router ACL to the following
interface types:
• Layer 2 Ethernet interfaces
• Layer 2 Ethernet port-channel interfaces
However, an ACL applied to a Layer 2 interface with the ip access-group command is inactive unless
the port mode changes to routed (Layer 3) mode.
If you delete the specified ACL from the device without removing the ACL from an interface, the deleted
ACL does not affect traffic on the interface.
A router ACL can be applied only to ingress traffic.
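The usage guidelines describe two cases in which an ip access-group line is present but filters nothing: the ACL is bound to a Layer 2 port, or the named ACL has been deleted. The following Python audit of a saved configuration is an added example, not part of the Cisco reference. The sample configuration is constructed, and the script assumes that Ethernet and port-channel interfaces are Layer 2 unless their stanza contains no switchport.

```python
import re

# Constructed sample in running-config style; ACL names and interfaces are made up.
SAMPLE_CONFIG = """\
ip access-list acl-edge
  10 permit tcp any any eq 22
  20 deny ip any any
interface Vlan10
  ip access-group acl-edge in
interface Ethernet1/5
  no switchport
  ip access-group acl-old in
interface Ethernet1/6
  switchport mode trunk
  ip access-group acl-edge in
interface Ethernet1/7.100
  ip access-group acl-edge in
"""

def audit_router_acls(config):
    """Return (interface, acl, finding) for every 'ip access-group ... in' binding."""
    defined, bindings, routed, iface = set(), [], {}, None
    for line in config.splitlines():
        text = line.strip()
        if not line.startswith(" "):           # unindented line opens a new stanza
            iface = None
            m = re.match(r"ip access-list (\S+)$", text)
            if m:
                defined.add(m.group(1))        # names are case-sensitive, keep as written
            m = re.match(r"interface (\S+)$", text)
            if m:
                iface = m.group(1)
                # Assumption: plain Ethernet/port-channel ports start as Layer 2;
                # subinterfaces, VLAN, loopback and mgmt interfaces are Layer 3.
                routed[iface] = not re.match(r"(?i)(ethernet|port-channel)[\d/]+$", iface)
        elif iface:
            if text == "no switchport":
                routed[iface] = True
            m = re.match(r"ip access-group (\S+) in$", text)
            if m:
                bindings.append((iface, m.group(1)))

    def finding(iface, acl):
        if acl not in defined:
            return "acl-missing"               # binding remains, traffic is unfiltered
        return "ok" if routed[iface] else "inactive-layer2"
    return [(i, a, finding(i, a)) for i, a in bindings]

if __name__ == "__main__":
    for row in audit_router_acls(SAMPLE_CONFIG):
        print("%-18s %-10s %s" % row)
```

Any row not marked ok is an interface that an operator may believe is filtered but is not.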