Applying, replacing, or removing ACLs in the interface configuration context

Apply an ACL to the current interface context. Individual front plane ports or Link Aggregation Groups (LAGs) are valid interfaces for applying ACLs. Only one direction (for example, inbound) and type (for example, IPv4) of ACL can be applied to an interface at a time. IPv6 and MAC ACLs can only be applied to inbound traffic. Also use this command to replace or remove an ACL from a specific interface.

Prerequisites

You must be in the interface configuration context (config-if) or the interface LAG configuration context (config-lag-if).

Procedure
In the interface configuration context or the interface LAG configuration context, enter the following command:

apply access-list {ip|ipv6|mac} <ACL-NAME> {in|out}

Specify the type of ACL, the name of the applicable ACL, and whether to apply to inbound (ingress) or outbound (egress) traffic.

Use the no form of the command to remove an ACL.

Applying MY_MAC_ACL to ingress traffic on interface 1/1/1 and ingress traffic on interface 1/1/2:

switch(config)# interface 1/1/1
switch(config-if)# apply access-list mac MY_MAC_ACL in
switch(config-if)# exit
switch(config)# interface 1/1/2
switch(config-if)# apply access-list mac MY_MAC_ACL in
switch(config-if)# exit
switch(config)#
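
The rules above (valid type and direction keywords, IPv6 and MAC ACLs inbound only, one ACL at a time) can be checked against saved configuration text before it is applied. The Python linter below is an added example, not part of the original documentation. The function name lint_acl_bindings, the sample configuration, and the layout it expects (non-indented "interface" lines followed by indented "apply access-list" lines) are assumptions, and it reads the one-at-a-time rule as one ACL per type and direction on an interface.

```python
import re

# Command syntax from the page: apply access-list {ip|ipv6|mac} <ACL-NAME> {in|out}
APPLY_RE = re.compile(r"^apply access-list\s+(\S+)\s+(\S+)\s+(\S+)$")
IFACE_RE = re.compile(r"^interface\s+(.+)$")

def lint_acl_bindings(config_text):
    """Return (interface, message) findings for ACL bindings in config text."""
    findings, bound, iface = [], {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():
            # Assumed layout: a non-indented line opens a new context.
            # Only interface (including LAG) contexts are tracked.
            m = IFACE_RE.match(line)
            iface = m.group(1) if m else None
            continue
        m = APPLY_RE.match(line)
        if iface is None or not m:
            continue
        acl_type, name, direction = m.groups()
        if acl_type not in ("ip", "ipv6", "mac") or direction not in ("in", "out"):
            findings.append((iface, f"'{line}' does not match the command syntax"))
        elif acl_type != "ip" and direction == "out":
            # Page: IPv6 and MAC ACLs can only be applied to inbound traffic.
            findings.append((iface, f"{acl_type} ACL {name} cannot be applied outbound"))
        elif bound.setdefault((iface, acl_type, direction), name) != name:
            # Assumed reading: one ACL per type and direction on an interface.
            prior = bound[(iface, acl_type, direction)]
            findings.append((iface, f"{acl_type} {direction}: {name} conflicts with {prior}"))
    return findings

# Constructed sample configuration (not from the page).
SAMPLE_CONFIG = """\
interface 1/1/1
    apply access-list mac MY_MAC_ACL in
    apply access-list ip MY_IP_ACL out
interface 1/1/2
    apply access-list mac MY_MAC_ACL out
interface lag 1
    apply access-list ipv6 V6_A in
    apply access-list ipv6 V6_B in
"""

if __name__ == "__main__":
    for iface, message in lint_acl_bindings(SAMPLE_CONFIG):
        print(f"{iface}: {message}")
```

Run against the constructed sample, it reports the outbound MAC ACL on 1/1/2 and the second IPv6 inbound ACL on lag 1; the two-interface example from this page produces no findings.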