Attaching an ACL individually to VLAN interfaces is similar to the behavior of ACL-
VLAN mapping storage in CAM prior to the implementation of the ACL VLAN group
functionality.
ip access-group
Apply an egress IP ACL to the ACL VLAN group.
Syntax
ip access-group {group name} out implicit-permit
Parameters
group-name Enter the name of the ACL VLAN group where you want the
egress IP ACLs applied, up to 140 characters.
out Enter the keyword out to apply the ACL to outgoing traffic.
implicit-permit
Enter the keyword implicit-permit to change the default
action of the ACL from implicit-deny to implicit-permit (that
is, if the traffic does not match the filters in the ACL, the
traffic is permitted instead of dropped).
Default None
Command
Modes
CONFIGURATION (conf-acl-vl-grp)
Command
History
Version 9.3.
(0.0)
Introduced on the S4810, S4820T, and Z9000 platforms.
Usage
Information
You can apply only an egress IP ACL on an ACL VLAN group.
show acl-vlan-group
Display all the ACL VLAN groups or display a specific ACL VLAN group, identified by name.
Syntax
show acl-vlan-group {group-name | detail}
Parameters
group-name (Optional) Display only the ACL VLAN group that is specified,
up to 140 characters.
detail
Display information in a line-by-line format to display the
names in their entirety.
374
Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM)