If the interface is configured with the mac packet-classify command, you cannot apply an IP port ACL to
the interface until you remove the mac packet-classify command from the interface configuration.
Note
Before you begin
Ensure that the ACL you want to apply exists and that it is configured to filter traffic in the manner that you
need for this application.
SUMMARY STEPS
1. configure terminal
2. Enter one of the following commands:
• interface ethernet slot/port
• interface port-channel channel-number
3. Enter one of the following commands:
• ip port access-group access-list in
• ipv6 port traffic-filter access-list in
4. (Optional) show running-config aclmgr
5. (Optional) copy running-config startup-config
DETAILED STEPS
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:
Step 1
switch# configure terminal
switch(config)#
Enters configuration mode for the interface type that you
specified.
Enter one of the following commands:
Step 2
• interface ethernet slot/port
• interface port-channel channel-number
Example:
switch(config)# interface ethernet 2/3
switch(config-if)#
Applies an IPv4 or IPv6 ACL to the interface or port
channel. Only inbound filtering is supported with port
ACLs. You can apply one port ACL to an interface.
Enter one of the following commands:
Step 3
• ip port access-group access-list in
• ipv6 port traffic-filter access-list in
Example:
switch(config-if)# ip port access-group
acl-l2-marketing-group in
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
261
Configuring IP ACLs
Applying an IP ACL as a Port ACL
To Next Page
Loading...
