HP Cisco MDS 9216 Cisco Nexus 5000 Series Command Reference Release 4.0(1a)N2( - Page 376
ip port access-group
Chapter 6 Security Commands

To apply an IPv4 access control list (ACL) to an interface as a port ACL, use the ip port access-group command. To remove an IPv4 ACL from an interface, use the no form of this command.

    ip port access-group access-list-name in

    no ip port access-group access-list-name in

Syntax Description

    access-list-name    Name of the IPv4 ACL, which can be up to 64 alphanumeric, case-sensitive characters long.
    in                  Specifies that the ACL applies to inbound traffic.

Command Default

None

Command Modes

Interface configuration mode

Command History

    Release         Modification
    4.0(0)N1(1a)    This command was introduced.

Usage Guidelines

By default, no IPv4 ACLs are applied to an interface.

You can use the ip port access-group command to apply an IPv4 ACL as a port ACL to the following interface types:

• Layer 2 Ethernet interfaces
• Layer 2 EtherChannel interfaces

You can also apply an IPv4 ACL as a VLAN ACL. For more information, see the match command.

The switch applies port ACLs to inbound traffic only. The switch checks inbound packets against the rules in the ACL. If the first matching rule permits the packet, the switch continues to process the packet. If the first matching rule denies the packet, the switch drops the packet and returns an ICMP host-unreachable message.

If you delete the specified ACL from the switch without removing the ACL from an interface, the deleted ACL does not affect traffic on the interface.

Examples

This example shows how to apply an IPv4 ACL named ip-acl-01 to Ethernet interface 1/2 as a port ACL:

    switch(config)# interface ethernet 1/2
    switch(config-if)# ip port access-group ip-acl-01 in

6-42 Cisco Nexus 5000 Series Command Reference OL-16599-01
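The Usage Guidelines note that an ACL deleted from the switch while still applied to an interface no longer affects traffic there, and the Syntax Description says ACL names are case-sensitive. The following is an added example, not part of the Cisco manual: it scans a saved running-config for port ACL references whose ACL is not defined. The sample config is constructed, and the script assumes ACLs are defined by top-level `ip access-list <name>` lines.

```python
import re

# Constructed sample running-config (not from the original manual page).
SAMPLE_CONFIG = """\
ip access-list ip-acl-01
  10 permit ip 192.0.2.0/24 any
interface Ethernet1/2
  switchport
  ip port access-group ip-acl-01 in
interface Ethernet1/3
  ip port access-group ip-acl-02 in
interface port-channel10
  ip port access-group IP-ACL-01 in
interface Ethernet1/4
  switchport
"""

ACL_DEF = re.compile(r"^ip access-list (\S+)\s*$")     # assumed definition syntax
IFACE = re.compile(r"^interface (.+?)\s*$")
PORT_ACL = re.compile(r"^\s+ip port access-group (\S+) in\s*$")


def audit_port_acls(config):
    """Return (applied, dangling) lists of (interface, acl_name) pairs."""
    defined, refs, iface = set(), [], None
    for line in config.splitlines():
        if m := ACL_DEF.match(line):
            defined.add(m.group(1))
            iface = None
        elif m := IFACE.match(line):
            iface = m.group(1)
        elif iface and (m := PORT_ACL.match(line)):
            refs.append((iface, m.group(1)))
        elif line and not line[0].isspace():
            iface = None                  # any other top-level block ends the interface
    # Exact string comparison: ACL names are case-sensitive.
    applied = [r for r in refs if r[1] in defined]
    dangling = [r for r in refs if r[1] not in defined]
    return applied, dangling


if __name__ == "__main__":
    applied, dangling = audit_port_acls(SAMPLE_CONFIG)
    for iface, acl in applied:
        print(f"OK        {iface}: port ACL {acl}")
    for iface, acl in dangling:
        print(f"DANGLING  {iface}: port ACL {acl} is not defined on the switch")
```

References are collected first and compared after the whole file is read, so the result does not depend on whether ACL definitions appear before or after the interfaces.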