Filtering inbound IPv4 traffic per port

For a given port, port list, or static port trunk, you can assign an ACL as a static port ACL to filter any IPv4 traffic entering the switch on that interface. You can also use the same ACL for assignment to multiple interfaces. For limits and operating rules, see IPv4 ACL configuration and operating rules.

Syntax


interface {<port-list | Trkx>} ip access-group <identifier> in
no interface {<port-list | Trkx>} ip access-group <identifier> in

where: <identifier> = either an ACL name or an ACL ID number.

Assigns an ACL as a static port ACL to a port, port list, or static trunk to filter any IPv4 traffic entering the switch on that interface. You can use either the global configuration level or the interface context level to assign or remove a static port ACL.

NOTE:

The switch allows you to assign a nonexistent ACL name or number to an interface. In this case, if you subsequently configure an ACL with that name or number, it automatically becomes active on the assigned interface. Also, if you delete an assigned ACL from the switch without subsequently using the no form of this command to remove the assignment to an interface, the ACL assignment remains and automatically activates any new ACL you create with the same identifier (name or number).
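The behavior in this note means an interface can carry an `ip access-group` assignment that filters nothing until an ACL with that identifier appears. The following audit is an added example, not code from the switch documentation. It scans a saved configuration for inbound port ACL assignments whose identifier has no matching ACL definition. The `ip access-list` / `access-list` definition lines, the indented interface context layout, and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed sample; the running-config layout here is an assumption.
SAMPLE_CONFIG = """\
ip access-list extended "EDGE-IN"
   10 permit tcp 10.0.0.0 0.0.0.255 any eq 443
   20 deny ip any any log
   exit
access-list 10 permit 10.0.0.0 0.0.0.255
interface 1-4
   ip access-group "EDGE-IN" in
   exit
interface Trk1
   ip access-group "OLD-UPLINK" in
   exit
interface 7 ip access-group 10 in
interface 8 ip access-group 120 in
"""

NAME = r'(?:"([^"]+)"|(\S+))'  # quoted name (may contain spaces) or bare ID
ACL_DEF = re.compile(r'^(?:ip access-list (?:standard|extended)|access-list)\s+' + NAME)
IFACE = re.compile(r'^interface\s+(\S+)(?:\s+(.*))?$')
ASSIGN = re.compile(r'^ip access-group\s+' + NAME + r'\s+in$')


def audit_port_acls(config_text):
    """Return (interface, identifier) pairs whose inbound port ACL is undefined."""
    defined, assigned, iface = set(), [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():
            iface = None  # an unindented line ends any interface context
            m = ACL_DEF.match(line)
            if m:
                defined.add(m.group(1) or m.group(2))
                continue
            m = IFACE.match(line)
            if m:
                iface, rest = m.group(1), m.group(2)
                a = ASSIGN.match(rest) if rest else None
                if a:  # global-level one-line form
                    assigned.append((iface, a.group(1) or a.group(2)))
                continue
        a = ASSIGN.match(line)
        if a and iface:
            assigned.append((iface, a.group(1) or a.group(2)))
    # Compare only after the whole file is read: definition order is irrelevant.
    return [(i, acl) for i, acl in assigned if acl not in defined]


if __name__ == "__main__":
    for port, acl in audit_port_acls(SAMPLE_CONFIG):
        print(f"interface {port}: ip access-group {acl} in -> ACL not defined")
```

Each reported pair is either an assignment to clear with the `no` form of the command or an identifier to reserve, so that a later ACL created with that name or number does not silently become active on the port.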

Methods for enabling and disabling ACLs