Access Security Guide K/KA/KB.15.15

Figure 193 Methods for enabling and disabling RACLs
Filtering IPv4 traffic inbound on a VLAN
For a given VLAN interface, you can assign an ACL as a VACL to filter any IPv4 traffic entering
the switch on that VLAN. You can also use the same ACL for assignment to multiple VLANs. For
limits and operating rules, see “IPv4 ACL configuration and operating rules” (page 320).
Syntax:
[no] vlan < vid > ip access-group <identifier> vlan
where: < identifier > = either an ACL name or an ACL ID number.
Assigns an ACL as a VACL to a VLAN to filter any IPv4 traffic entering the switch
on that VLAN. You can use either the global configuration level or the VLAN context
level to assign or remove a VACL.
NOTE: The switch allows you to assign a nonexistent ACL name or number to a
VLAN. In this case, if you subsequently configure an ACL with that name or number,
it automatically becomes active on the assigned VLAN. Also, if you delete an assigned
ACL from the switch without subsequently using the "no" form of this command to
remove its assignment to a VLAN, the ACL assignment remains and automatically
activates any new ACL created with the same identifier (name or number).
Figure 194 Methods for enabling and disabling VACLs
Filtering inbound IPv4 traffic per port
For a given port, port list, or static port trunk, you can assign an ACL as a static port ACL to filter
any IPv4 traffic entering the switch on that interface. You can also use the same ACL for assignment
to multiple interfaces. For limits and operating rules, see “IPv4 ACL configuration and operating
rules” (page 320).
Syntax:
[no] interface < port-list | Trkx >
ip access-group < identifier > in
where: < identifier > = either an ACL name or an ACL ID number.
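The NOTE in the VLAN section above means an assignment can outlive, or predate, the ACL it names and will silently activate whatever ACL is later created under that identifier. The following added example (not from this guide) audits a saved configuration for such assignments in both the `vlan` and `in` forms shown on this page. The function name, the constructed sample configuration, and the assumption that ACL definitions appear as `ip access-list standard|extended <identifier>` lines with no spaces in the identifier are illustrative.

```python
import re

# Constructed sample in saved-configuration style (not from a real switch).
SAMPLE_CONFIG = '''\
ip access-list extended "Guest-In"
   10 permit ip 10.0.20.0 0.0.0.255 10.0.10.0 0.0.0.255
   exit
vlan 20
   ip access-group "Guest-In" vlan
   exit
vlan 30
   ip access-group "Lab-In" vlan
   exit
vlan 40 ip access-group 105 vlan
interface A5
   ip access-group "Old-Port-ACL" in
   exit
'''

# Assumption: definitions look like: ip access-list standard|extended <identifier>
ACL_DEF = re.compile(r'^ip access-list (?:standard|extended) "?([^"\s]+)"?\s*$')
CONTEXT = re.compile(r'^(vlan \S+|interface \S+)\s*(.*)$')
ASSIGN = re.compile(r'^ip access-group "?([^"\s]+)"? (vlan|in)$')

def find_dangling_assignments(config):
    """Return (context, identifier, direction) for assignments naming an undefined ACL."""
    defined, assignments, context = set(), [], None
    for raw in config.splitlines():
        line = raw.strip()
        top_level = not raw[:1].isspace()
        m = ACL_DEF.match(line)
        if m and top_level:
            defined.add(m.group(1))
            context = None
            continue
        if top_level:  # a new vlan/interface context, or the global one-line form
            m = CONTEXT.match(line)
            context = m.group(1) if m else None
            line = m.group(2).strip() if m else line
        m = ASSIGN.match(line)
        if m and context:
            assignments.append((context, m.group(1), m.group(2)))
    # Compare only after the whole file is read: definition order does not matter.
    return [a for a in assignments if a[1] not in defined]
```

Each tuple returned is an assignment to review: either remove it with the "no" form of the command or confirm that the ACL it names is meant to be created.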
282 IPv4 Access Control Lists (ACLs)