Chapter 7: Quality of Service Commands 669
number is already in use for this interface and direction, the specified access list
replaces the currently attached IP access list using that sequence number. If the
sequence number is not specified for this command, a sequence number that is
one greater than the highest sequence number currently in use for this interface
and direction is used.
An optional control-plane is specified to apply the ACL on CPU port. The IPv4
control packets like RADIUS and TACACS+ are also dropped because of the
implicit deny all rule added at the end of the list. To overcome this, permit rules
must be added to allow the IPv4 control packets.
The keyword control-plane is only available in Global Config mode.
The following shows an example of the command.
(CN1610) (Config)#ip access-group ip1 control-plane
no ip access-group
This command removes a specified IP ACL from an interface.
Default none
Format
ip access-group {
accesslistnumber
|
name
} {{
control-
plane
|
in
|
out
}|vlan
vlan-id
{in|out}}
Modes ◆ Interface Config
◆ Global Config
Parameter Description
accesslistnumber Identifies a specific IP ACL. The range is 1 to 199.
vlan-id A VLAN ID associated with a specific IP ACL in a
given direction.
name The name of the Access Control List.
Default none
Format
no ip access-group {
accesslistnumber
|
name
} {{
control-
plane
|
in
|
out
}|vlan
vlan-id
{in|out}}
To Next Page
Loading...
