Cisco Nexus 7000 Series - Page 402

Layer 3 Ethernet port-channel interfaces and subinterfaces
Tunnels
Loopback interfaces
Management interfaces
You can also use the ip access-group command to apply an IPv4 ACL as a router ACL to the following
interface types:
Layer 2 Ethernet interfaces
Layer 2 Ethernet port-channel interfaces
However, an ACL applied to a Layer 2 interface with the ip access-group command is inactive unless the
port mode changes to routed (Layer 3) mode. To apply an IPv4 ACL as a port ACL, use the ip port
access-group command.
The device applies router ACLs on either outbound or inbound traffic. When the device applies an ACL to
inbound traffic, the device checks inbound packets against the rules in the ACL. If the first matching rule
permits the packet, the device continues to process the packet. If the first matching rule denies the packet, the
device drops the packet and returns an ICMP host-unreachable message.
For outbound access lists, after receiving and routing a packet to an interface, the device checks the ACL. If
the first matching rule permits the packet, the device sends the packet to its destination. If the first matching
rule denies the packet, the device drops the packet and returns an ICMP host-unreachable message.
If you delete the specified ACL from the device without removing the ACL from an interface, the deleted
ACL does not affect traffic on the interface.
This command does not require a license.
Examples
This example shows how to apply an IPv4 ACL named ip-acl-01 to Ethernet interface 2/1:
switch# configure terminal
switch(config)# interface ethernet 2/1
switch(config-if)# ip access-group ip-acl-01 in
This example shows how to remove an IPv4 ACL named ip-acl-01 from Ethernet interface 2/1:
switch# configure terminal
switch(config)# interface ethernet 2/1
switch(config-if)# no ip access-group ip-acl-01 in
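Two caveats in the usage guidelines above leave an interface unfiltered without any error: a router ACL applied to a Layer 2 port is inactive, and an interface can keep referencing an ACL that has been deleted. The following Python script is an added example, not part of the Cisco manual, that flags both conditions in a saved configuration; the sample configuration is constructed, and the script assumes a port is Layer 2 when its stanza contains a bare switchport line.

```python
import re

# Constructed sample in running-config style; ip-acl-02 and Ethernet2/2-2/4 are made up.
SAMPLE_CONFIG = """\
ip access-list ip-acl-01
  10 deny ip any any
interface Ethernet2/1
  no switchport
  ip access-group ip-acl-01 in
interface Ethernet2/2
  switchport
  ip access-group ip-acl-01 in
interface Ethernet2/3
  no switchport
  ip access-group ip-acl-02 out
interface Ethernet2/4
  switchport
  ip port access-group ip-acl-01 in
"""

def audit_router_acls(config):
    """Return (interface, acl, direction, finding) for router ACL bindings that filter nothing."""
    defined, layer2, bindings, iface = set(), set(), [], None
    for line in config.splitlines():
        text = line.strip()
        if not text:
            continue
        if not line[0].isspace():              # top-level line opens a new stanza
            acl = re.match(r"ip access-list (\S+)$", text)
            port = re.match(r"interface (\S+)$", text)
            if acl:
                defined.add(acl.group(1))
            iface = port.group(1) if port else None
        elif iface:
            # Assumption: a bare "switchport" line marks the port as Layer 2.
            if text == "switchport":
                layer2.add(iface)
            bound = re.match(r"ip access-group (\S+) (in|out)$", text)
            if bound:                          # "ip port access-group" does not match
                bindings.append((iface, bound.group(1), bound.group(2)))
    findings = []
    for iface, acl, direction in bindings:     # checked after parsing, so ACL order is irrelevant
        if acl not in defined:
            findings.append((iface, acl, direction, "undefined-acl"))
        if iface in layer2:
            findings.append((iface, acl, direction, "inactive-on-layer2"))
    return findings

if __name__ == "__main__":
    for finding in audit_router_acls(SAMPLE_CONFIG):
        print(*finding)
```

Ethernet2/4 is not reported because ip port access-group is the correct way to bind an ACL to a Layer 2 port.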
Related Commands
Command                 Description
ip access-list          Configures an IPv4 ACL.
ip port access-group    Applies an IPv4 ACL as a port ACL.
show access-lists       Displays all ACLs.
show ip access-lists    Shows either a specific IPv4 ACL or all IPv4 ACLs.
Cisco Nexus 7000 Series Security Command Reference