Applying an ACL Globally to All Interfaces in a Context - Cisco 4700M Configuration Manual

Application control engine appliance security

Applying an ACL Globally to All Interfaces in a Context

Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
You can apply an ACL to all interfaces in a context at once, subject to the following conditions:
- No interface in the context has an ACL applied to it.
- You can globally apply one Layer 2 and one Layer 3 ACL in the inbound direction only.
- On Layer 2 bridged-group virtual interfaces (BVIs), you can apply both Layer 3 and Layer 2 ACLs.
- On Layer 3 virtual LAN (VLAN) interfaces, you can apply only Layer 3 ACLs.
- In a redundancy configuration, the ACE does not apply a global ACL to the FT VLAN. For details about redundancy, see the Cisco 4700 Series Application Control Engine Appliance Administration Guide.

To apply an ACL globally to all interfaces in a context in the inbound direction, use the access-group input command in configuration mode. The syntax of this command is as follows:

    access-group input acl_name

For the acl_name argument, enter the identifier of an existing ACL as an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.

You can use this command to allow all traffic on all interfaces in a context by applying an ACL similar to the following example:

    host1/Admin(config)# access-list ALL_ACCESS permit ip any any

Then, apply the ACL globally by entering:

    host1/Admin(config)# access-group input ALL_ACCESS

To remove the ACL from all interfaces in the context, enter:

    host1/Admin(config)# no access-group input ALL_ACCESS
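
A pre-flight check for the conditions above, as an added example that is not from the Cisco guide: it scans a saved configuration for per-interface ACLs that conflict with a global access-group, checks the acl_name constraints, and flags an allow-all entry such as the one in ALL_ACCESS. The configuration layout (interface sections with indented access-group lines), the DENY_ALL ACL, the finding labels and the function name are assumptions, and the sample text is constructed.

```python
import re

# Constructed sample, laid out like a saved ACE configuration (assumed layout).
SAMPLE_CONFIG = """\
access-list ALL_ACCESS permit ip any any
access-list DENY_ALL deny ip any any
interface vlan 100
  access-group input DENY_ALL
  no shutdown
interface bvi 1
  no shutdown
"""

def preflight_global_acl(config_text, acl_name):
    """Return findings that block or should delay a context-level
    'access-group input <acl_name>' (hypothetical helper)."""
    findings = []
    # acl_name: unquoted, no spaces, at most 64 characters. The page's own
    # example (ALL_ACCESS) contains an underscore, so only whitespace and
    # quotes are rejected here.
    if not re.fullmatch(r"[^\s\"']{1,64}", acl_name):
        findings.append("invalid-name")
    entries, iface = [], None
    for line in config_text.splitlines():
        words = line.split()
        if not words:
            continue
        if not line[0].isspace():
            # A top-level line starts a new section; track interface sections.
            iface = " ".join(words[1:3]) if words[0] == "interface" else None
            if words[0] == "access-list" and len(words) > 2 and words[1] == acl_name:
                entries.append(" ".join(words[2:]))
        elif iface and words[0] == "access-group":
            # Condition from the page: no interface may already have an ACL.
            findings.append(f"interface-acl:{iface}:{words[-1]}")
    if not entries:
        findings.append("acl-not-defined")
    if "permit ip any any" in entries:
        # Applied globally, this entry admits all IP traffic on every interface.
        findings.append("allow-all-entry")
    return findings

if __name__ == "__main__":
    for finding in preflight_global_acl(SAMPLE_CONFIG, "ALL_ACCESS"):
        print(finding)
```

An empty result means none of the checked conditions is violated; the Layer 2/Layer 3 and FT VLAN conditions are not covered by this check.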
Chapter 1
Configuring Security Access Control Lists
OL-16202-01
