Applying An Acl To An Interface - Cisco 4700M Configuration Manual

Chapter 1 Configuring Security Access Control Lists

Applying an ACL to an Interface

Note
OL-16202-01
Before you can start using a configured ACL, you must apply it to one or more
interfaces.
To apply an ACL to the inbound or outbound direction of an interface and make
the ACL active, use the access-group command in interface configuration mode.
You can apply one ACL of each type (extended and EtherType) to both directions
of the interface. See the
information about ACL directions.
If you have already applied a global ACL to all interfaces in a context, you cannot
apply another ACL to an individual interface in that context. For details about
applying an ACL globally, see the
in a Context" section.
For connectionless protocols, you must apply the ACL to the source and
destination interfaces if you want traffic to pass in both directions. For example,
you can allow BGP in an ACL in transparent mode, and you must apply the ACL
to both interfaces.
The syntax of this command is as follows:
access-group {input | output} acl_name
The keywords and arguments are as follows:
input | output—Specifies the direction (inbound or outbound) of the
•
interface to which you want to apply the ACL.
acl_name—Identifier of an existing ACL that you want to apply to an
•
interface. Enter an unquoted text string with no spaces and a maximum of
64 alphanumeric characters.
For example, enter:
host1/Admin(config)# interface vlan 100
host1/Admin(config-if)# access-group input INBOUND
To remove an ACL from an interface, enter:
host1/Admin(config-if)# no access-group input INBOUND
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
"Inbound and Outbound ACLs"
"Applying an ACL Globally to All Interfaces
Applying an ACL to an Interface
section for more
1-31