Home
Support
Product Support
Optical Networking
Cisco Network Convergence System 1000 Series
Configuration Guides

System Setup and Software Installation Guide for Cisco NCS 1010, IOS XR Releases

How do ACL entries decide whether to permit or deny traffic?
What changes when ACLs are applied inbound instead of outbound?
How should IPv4 and IPv6 ACL behavior be verified after applying them?

View all Saved Content

PDF

Is this content helpful?

Helpful Unhelpful

Suggestions for Improvement

Thank you for your feedback. Your response has been recorded.

Ask about this content

System Setup and Software Installation Guide for Cisco NCS 1010, IOS XR Releases

How do ACL entries decide whether to permit or deny traffic?
What changes when ACLs are applied inbound instead of outbound?
How should IPv4 and IPv6 ACL behavior be verified after applying them?

Expand all sections

About this content

Cisco NCS 1010 optical line system

Cisco NCS 1010 chassis and line cards
Cisco NCS 1000 passive modules

Software setup fundamentals

Types of software releases for Cisco NCS 1010
Downloadable software files for Cisco NCS 1010
Command modes for Cisco NCS 1010

Setup procedures

Pre-setup requirements for Cisco NCS 1010
Cisco NCS 1010 setup workflow
Cisco NCS 1010 software and hardware verification
Cisco NCS 1010 post-setup tasks

TACACS+ and RADIUS configuration

TACACS+ and RADIUS configuration details
Deprecation of type 7 password and type 5 secret
TACACS+ protocol
Configure TACACS+ server
Configure and verify TACACS+ server groups
RADIUS protocol
Configure and verify RADIUS server groups

Setup and upgrade workflow

NCS 1010 upgrade
Software and firmware compatibility matrix
Software upgrade plan
Back up the current configuration
Field programmable devices
System stability checks
Install file sources
Download install files from Cisco Software Center
Software upgrade methods
Data model software upgrade method
Software upgrade verification

Classic ZTP deployment

DHCP configuration
Provision Cisco NCS 1010 using DHCP-based ZTP fresh boot

Software maintenance

Install additional RPMs and bug fixes
Downgrade software version
Telemetry sensor paths for install operations

Setup and upgrade troubleshooting

NCS 1010 boot failure recovery
Recover password
Resolve insufficient disk space during software installation
Recover frozen console prompt

Disaster recovery

Disaster recovery partitions
CPU replacement considerations
Backup ISO image health check
Automated file management behavior

BGP configuration

BGP routing

CDP configurations

CDP support on Cisco NCS 1010

Daisy chain topology

Daisy chain topology
Configure daisy chain on management ports
Verify daisy chain
Enable storm control on TOR switch
Disable DAD on the management port

Access control lists

Access control lists
How access control lists work
Apply ACLs
ACL configuration procedures

Remote node management

Remote node management details for NCS 1010
Remote node management with OSC
Remote node management prerequisites
DHCP relay configuration for OLT node
Loopback IP address for OSC interface
OSPF neighbor discovery
ILA node configuration
OLT node configuration

Remote console connection workflow

Remote console connection details
Remote console connection support for Cisco NCS 1010
Find the MAC address of all the nodes
Connect to a remote node

Automated file management

Automated file management behavior

Audit log storage and monitoring

Audit logging and monitoring details
Audit logs
How audit logging works
Guideline: Use audit logging
Note: Review audit log storage behavior
Configure audit logging

Process memory management

Process memory management details
Core dump folders

Apply ACLs

Updated: June 17, 2026

Want to summarize with AI?

Use this procedure to apply ACLs on Cisco NCS 1010 so that configured packet-filtering rules control traffic on the selected interface.

Configure apply ACLs so that Cisco NCS 1010 uses the required settings for the selected system setup, management, or routing workflow.

Use this task when you need to apply ACLs on Cisco NCS 1010.

Before you begin

Follow these steps to apply ACLs:

Procedure

	1.	Run the Apply ACLs command to complete this task. After you create an ACL, you must reference the ACL to make it work. ACL can be applied on either outbound or inbound interfaces. This section describes guidelines on how to accomplish this task for both terminal lines and network interfaces.
	2.	Run the Apply ACLs command to complete this task. For inbound ACLs, after receiving a packet, Cisco IOS XR software checks the source address of the packet against the ACL. If the ACL permits the address, the software continues to process the packet. If the ACL rejects the address, the software discards the packet and returns an ICMP host unreachable message. The ICMP message is configurable.
	3.	Run the Apply ACLs command to complete this task. For outbound ACLs, after receiving and routing a packet to a controlled interface, the software checks the source address of the packet against the ACL. If the ACL permits the address, the software sends the packet. If the ACL rejects the address, the software discards the packet and returns an ICMP host unreachable message.
	4.	Run the Apply ACLs command to complete this task. When you apply an ACL that has not yet been defined to an interface, the software acts as if the ACL has not been applied to the interface and accepts all packets. Note this behavior if you use undefined ACLs as a means of security in your network.

The system completes the apply ACLs task.

Need help?

Open a support case

(Requires a Cisco Service Contract)

Bias-free language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.