Cisco Systems 4500 Switch User Manual


Software Configuration Guide—Release 15.0(2)SG
OL-23818-01
Chapter 47 Configuring Network Security with ACLs
Configuring PACLs
Configuring IPv4, IPv6, and MAC ACLs on a Layer 2 Interface
Note: Only IPv4, IPv6 and MAC ACLs can be applied to Layer 2 physical interfaces. Standard (numbered, named), Extended (numbered, named) IP ACLs, and Extended Named MAC ACLs are also supported.
To apply IPv4 or MAC ACLs on a Layer 2 interface, perform this task:

        Command                                    Purpose
Step 1  Switch# configure terminal                 Enters global configuration mode.
Step 2  Switch(config)# interface interface        Enters interface configuration mode.
Step 3  Switch(config-if)# [no] {ip | mac}         Applies numbered or named ACL to the Layer 2 interface.
          access-group {name | number} {in | out}  The no form deletes the IP or MAC ACL from the Layer 2
                                                   interface.
Step 4  Switch(config)# show running-config        Displays the access list configuration.

To apply IPv6 ACLs on a Layer 2 interface, perform this task:

        Command                                    Purpose
Step 1  Switch# configure terminal                 Enters global configuration mode.
Step 2  Switch(config)# interface interface        Enters interface configuration mode.
Step 3  Switch(config-if)# [no] ipv6 traffic-filter  Applies the specified IPv6 ACL to the Layer 2 interface.
          name {in | out}                          The no form deletes the IPv6 ACL from the Layer 2
                                                   interface.
Step 4  Switch(config)# show running-config        Displays the access list configuration.

The following example shows how to configure the Extended Named IP ACL simple-ip-acl to permit all
TCP traffic and implicitly deny all other IP traffic:

Switch(config)# interface Gi3/1
Switch(config-if)# ip access-list extended simple-ip-acl
Switch(config-ext-nacl)# permit tcp any any
Switch(config-ext-nacl)# end

The following example shows how to configure the Extended Named MACL simple-mac-acl to permit
source host 000.000.011 to any destination host:

Switch(config)# interface Gi3/1
Switch(config-if)# mac access-list extended simple-mac-acl
Switch(config-ext-macl)# permit host 000.000.011 any
Switch(config-ext-macl)# end
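
Both tasks end with show running-config as the verification step. The following Python sketch is an added example, not part of the Cisco guide: it parses saved running-config text and returns every ip/mac access-group and ipv6 traffic-filter binding, the bindings whose ACL is not defined in the same config, and the interfaces with no ACL applied. The sample config, its interface names and the function name audit_pacls are constructed for illustration.

```python
import re

# Constructed sample of saved `show running-config` output (not from the guide).
SAMPLE_CONFIG = """\
ip access-list extended simple-ip-acl
 permit tcp any any
!
mac access-list extended simple-mac-acl
 permit host 0000.0000.0011 any
!
interface GigabitEthernet3/1
 ip access-group simple-ip-acl in
 mac access-group simple-mac-acl in
!
interface GigabitEthernet3/2
 ipv6 traffic-filter simple-v6-acl in
!
interface GigabitEthernet3/3
 description no ACL applied
"""

# Global ACL definitions: named IP/MAC, named IPv6, and numbered IP lists.
DEF_RE = re.compile(r"^(?:(ip|mac) access-list (?:standard|extended)|(ipv6) access-list) (\S+)")
NUM_RE = re.compile(r"^access-list (\d+) ")
# Interface bindings from Step 3 of both tasks.
BIND_RE = re.compile(r"^ (?:(ip|mac) access-group|(ipv6) traffic-filter) (\S+) (in|out)\s*$")


def audit_pacls(config):
    """Return (bindings, dangling, unfiltered) for running-config text."""
    defined, bindings, interfaces = set(), [], []
    iface = None
    for line in config.splitlines():
        if not line.startswith(" "):
            iface = None                      # a top-level line closes the stanza
        if m := DEF_RE.match(line):
            defined.add((m.group(1) or m.group(2), m.group(3)))
        elif m := NUM_RE.match(line):
            defined.add(("ip", m.group(1)))
        elif line.startswith("interface "):
            iface = line.split(None, 1)[1].strip()
            interfaces.append(iface)
        elif iface and (m := BIND_RE.match(line)):
            bindings.append((iface, m.group(1) or m.group(2), m.group(3), m.group(4)))
    # Bindings that name an ACL with no definition in the same config.
    dangling = [b for b in bindings if (b[1], b[2]) not in defined]
    bound = {b[0] for b in bindings}
    unfiltered = [i for i in interfaces if i not in bound]
    return bindings, dangling, unfiltered
```

The unfiltered list includes every interface stanza without a binding, Layer 3 interfaces included, so review it against the ports that are meant to carry a PACL.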