apply access-list
(to VLAN)
Syntax
apply access-list {ip|ipv6|mac} <ACL-NAME> in
no apply access-list {ip|ipv6|mac} <ACL-NAME> in
Description
Applies an ACL to the VLAN identified by the current VLAN context.
The
no
form of this command removes application of the ACL from the VLAN identified by the current VLAN context.
Command context
config-vlan
Parameters
ip|ipv6|mac
Specifies the ACL type:
ip
for IPv4,ipv6
for IPv6, ormac
for MAC ACL.<ACL-NAME>
Specifies the ACL name.
in
Specifies the inbound (ingress) traffic direction.
Authority
Administrators
Usage
Only one ACL type (
ip
,ipv6
, ormac
) may be applied to a VLAN at a time. Therefore, using theapply access-list
command on a VLAN with an already-applied ACL of the same type, will replace the applied ACL.If during switch reboot, an ACL fails to be applied to a VLAN, all the ports will be shut down. The switch must be restarted to recover from the failure. Modifying the VLAN or ACL configuration will not cause the ports to be restarted.
Examples
Applying My_ip_ACL to ingress traffic on VLAN 10.:
switch(config)# vlan 10 switch(config-vlan-10)# apply access-list ip My_ip_ACL in switch(config-vlan-10)# exit switch(config)#
Applying My_ipv6_ACL to ingress traffic on VLAN 10:
switch(config)# vlan 10 switch(config-vlan-10)# apply access-list ipv6 My_ipv6_ACL in switch(config-vlan-10)# exit switch(config)#
Applying My_mac_ACL to ingress traffic on VLAN 10:
switch(config)# vlan 10 switch(config-vlan-10)# apply access-list mac My_mac_ACL in switch(config-vlan-10)# exit switch(config)#
Replacing My_ipv6_ACL with My_Replacement_ACL on VLAN 10 (following the preceding examples):
switch(config)# vlan 10 switch(config-vlan-10)# apply access-list ipv6 My_Replacement_ACL in switch(config-vlan-10)# exit switch(config)#
Removing (unapplying) several ACLs on VLAN 10:
switch(config)# vlan 10 switch(config-vlan-10)# no apply access-list ipv6 My_Replacement_ACL in switch(config-vlan-10)# no apply access-list mac My_mac_ACL in switch(config-vlan-10)# exit switch(config)#