Applying an IPv6-ACL to an Interface
Tip
The IP-ACL applied to the interface for the ingress traffic affects both local and remote traffic.
• Out—Traffic that has already been through the switch and is leaving the interface; the source is where
Tip
The IP-ACL applied to the interface for the egress traffic only affects local traffic.
To apply an IPv4-ACL to an interface, follow these steps:
Procedure
Step 1
switch# configure terminal
Enters configuration mode.
Step 2
switch(config)# interface mgmt0
switch(config-if)#
Configures a management interface (mgmt0).
Step 3
switch(config-if)# ip access-group restrict_mgmt
Applies an IPv4-ACL called restrict_mgmt for both the ingress and egress traffic (default).
Step 4
switch(config-if)# no ip access-group NotRequired
Removes the IPv4-ACL called NotRequired.
Step 5
switch(config-if)# ip access-group restrict_mgmt in
Applies an IPv4-ACL called restrict_mgmt (if it does not already exist) for ingress traffic.
Step 6
switch(config-if)# no ip access-group restrict_mgmt in
Removes the IPv4-ACL called restrict_mgmt for ingress traffic.
Step 7
switch(config-if)# ip access-group SampleName2 out
Applies an IPv4-ACL called SampleName2 (if it does not already exist) for local egress traffic.
Step 8
switch(config-if)# no ip access-group SampleName2 out
Removes the IPv4-ACL called SampleName2 for egress traffic.
Applying an IPv6-ACL to an Interface
To apply an IPv6-ACL to an interface, follow these steps:
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
112
it transmitted from and the destination is where it is transmitted to.
Configuring IPv4 and IPv6 Access Control Lists