• deny-any—Deny all packets (that were ingress at the port) that do not meet the rules in this ACL.
• permit-any—Forward all packets (that were ingress at the port) that do not meet the rules in this ACL.
Default Configuration
No ACL is assigned.
Command Mode
Interface Configuration mode (Ethernet, Port-Channel, VLAN)
User Guidelines
The following rules govern when ACLs can be bound or unbound from an
interface:
• IPv4 ACLs and IPv6 ACLs can be bound together to an interface.
• A MAC ACL cannot be bound on an interface which already has an IPv4 ACL or IPv6 ACL bound to it.
• Two ACLs of the same type cannot be bound to a port.
• An ACL cannot be bound to a port that is already bound to an ACL, without first removing the current ACL. Both ACLs must be mentioned at the same time in this command.
• MAC ACLs that include a VLAN as match criteria cannot be bound to a VLAN.
• ACLs with time-based configuration on one of their ACEs cannot be bound to a VLAN.
• ACLs with the action Shutdown cannot be bound to a VLAN.
• When the user binds an ACL to an interface, TCAM resources are consumed: one TCAM rule for each MAC or IP ACE and two TCAM rules for each IPv6 ACE. TCAM consumption is always an even number, so if the number of rules is odd, the consumption is increased by 1.
• An ACL cannot be bound as input if it has been bound as output.
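The binding rules and TCAM arithmetic above can be checked in a change review before the command is entered on a switch. This is an added example, not part of the Cisco guide: the `Acl` class, the function names and the ACE counts are hypothetical, and it assumes the rounding to an even number applies to the total of one binding.

```python
from dataclasses import dataclass

@dataclass
class Acl:
    name: str
    kind: str                   # "mac", "ipv4" or "ipv6"
    aces: int                   # number of ACEs in the ACL
    matches_vlan: bool = False  # MAC ACL that uses a VLAN as match criteria
    time_based: bool = False    # at least one ACE is time-based
    shutdown: bool = False      # at least one ACE has the Shutdown action
    bound_as_output: bool = False

def tcam_rules(acls):
    """One rule per MAC/IPv4 ACE, two per IPv6 ACE, rounded up to even.
    Assumption: the rounding applies to the total of one binding."""
    total = sum(a.aces * (2 if a.kind == "ipv6" else 1) for a in acls)
    return total + total % 2

def check_input_binding(acls, target, existing=()):
    """Return guideline violations for binding `acls` as input to `target`
    ("port" or "vlan"); `existing` holds ACLs already bound there."""
    errors = []
    kinds = [a.kind for a in acls]
    if existing:
        errors.append("interface already has an ACL: remove it first, "
                      "then name all ACLs in one command")
    if len(kinds) != len(set(kinds)):
        errors.append("two ACLs of the same type")
    if "mac" in kinds and len(kinds) > 1:
        errors.append("MAC ACL together with an IPv4/IPv6 ACL")
    for a in acls:
        if a.bound_as_output:
            errors.append(f"{a.name}: already bound as output")
        if target == "vlan":
            if a.kind == "mac" and a.matches_vlan:
                errors.append(f"{a.name}: MAC ACL matches on a VLAN")
            if a.time_based:
                errors.append(f"{a.name}: time-based ACE")
            if a.shutdown:
                errors.append(f"{a.name}: Shutdown action")
    return errors

if __name__ == "__main__":
    # Constructed input: the ACE count for server-acl is made up.
    plan = [Acl("server-acl", "mac", aces=3)]
    print(check_input_binding(plan, "port") or "bind allowed")
    print("TCAM rules consumed:", tcam_rules(plan))
```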
Example
switchxxxxxx(config)# mac access-list extended server-acl
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
ACL Commands