Ip Port Access-Group - Cisco AP775A - Nexus Converged Network Switch 5010 Command Reference Manual

ip port access-group

S e n d c o m m e n t s t o n x 5 0 0 0 - d o c f e e d b a c k @ c i s c o . c o m
ip port access-group
To apply an IPv4 access control list (ACL) to an interface as a port ACL, use the ip port access-group
command. To remove an IPv4 ACL from an interface, use the no form of this command.
Syntax Description
access-list-name
in
Command Default None
Command Modes Interface configuration mode
Command History Release
4.0(0)N1(1a)
Usage Guidelines By default, no IPv4 ACLs are applied to an interface.
You can use the ip port access-group command to apply an IPv4 ACL as a port ACL to the following
interface types:
•
•
You can also apply an IPv4 ACL as a VLAN ACL. For more information, see the
The switch applies port ACLs to inbound traffic only. The switch checks inbound packets against the
rules in the ACL. If the first matching rule permits the packet, the switch continues to process the packet.
If the first matching rule denies the packet, the switch drops the packet and returns an ICMP
host-unreachable message.
If you delete the specified ACL from the switch without removing the ACL from an interface, the deleted
ACL does not affect traffic on the interface.
Examples
This example shows how to apply an IPv4 ACL named ip-acl-01 to Ethernet interface 1/2 as a port ACL:
switch(config)# interface ethernet 1/2
switch(config-if)# ip port access-group ip-acl-01 in
Cisco Nexus 5000 Series Command Reference
6-42
ip port access-group access-list-name in
no ip port access-group access-list-name in
Name of the IPv4 ACL, which can be up to 64 alphanumeric, case-sensitive
characters long.
Specifies that the ACL applies to inbound traffic.
Modification
This command was introduced.
Layer 2 Ethernet interfaces
Layer 2 EtherChannel interfaces
Chapter 6 Security Commands
match command.
OL-16599-01