The following example shows how to create an IPv4 ACL named acl-01 and apply it as a port ACL to Ethernet interface 2/1, which
is a Layer 2 interface:
ip access-list acl-01
permit ip 192.168.2.0/24 any
interface ethernet 2/1
ip port access-group acl-01 in
The following example shows how to create an IPv6 ACL named acl-120 and apply it as a router ACL to Ethernet interface 2/3,
which is a Layer 3 interface:
ipv6 access-list acl-120
permit tcp 2001:0db8:85a3::/48 2001:0db8:be03:2112::/64
permit udp 2001:0db8:85a3::/48 2001:0db8:be03:2112::/64
permit tcp 2001:0db8:69f2::/48 2001:0db8:be03:2112::/64
permit udp 2001:0db8:69f2::/48 2001:0db8:be03:2112::/64
interface ethernet 2/3
ipv6 traffic-filter acl-120 in
The following example shows how to create a VTY ACL named single-source and apply it on input IP
traffic over the VTY line. This ACL allows all TCP
traffic through and drops all other IP traffic:
ip access-list single-source
permit tcp 192.168.7.5/24 any
exit
line vty
ip access-class single-source in
show ip access-lists
The following example shows how to enable ACL capture in the default VDC and configure a destination for ACL capture packets:
hardware access-list capture
monitor session 1 type acl-capture
destination interface ethernet 2/1
no shut
exit
show ip access-lists capture session 1
The following example shows how to enable a capture session for an ACL's access control entries (ACEs) and then apply the
ACL to an interface:
ip access-list acl1
permit tcp any any capture session 1
exit
interface ethernet 1/11
ip access-group acl1 in
no shut
show running-config aclmgr
The following example shows how to apply an ACL with capture session access control entries (ACEs) to a VLAN:
vlan access-map acl-vlan-first
match ip address acl-ipv4-first
match mac address acl-mac-first
action foward
statistics per-entry
vlan filter acl-vlan-first vlan-list 1
show running-config vlan 1