276 ACL Commands
Default Configuration
This command has no default configuration.
Command Mode
Mac-Access-List Configuration mode
User Guidelines
The no form of this command is not supported, as the rules within an ACL
cannot be deleted individually. Rather the entire ACL must be deleted and
respecified.
The assign-queue and redirect parameters are only valid for permit
commands.
Example
The following example configures a MAC ACL to deny traffic from MAC
address 0806.c200.0000.
console(config)#mac access-list extended DELL123
console(config-mac-access-list)#deny 0806.c200.0000
ffff.ffff.ffff any
ip access-group
Use the ip access-group command in Global and Interface Configuration
modes to apply an IP based ACL on an Ethernet interface or a group of
interfaces. An IP based ACL should have been created by the access-list
name
command with the same name specified in this command.
Use the no ip access-group command to disable an IP based ACL on an
Ethernet interface or a group of interfaces.
Syntax
ip access-group
name
[

direction] [seqnum]

no ip access-group
name

direction seqnum

name
— Access list name. (Range: Valid IP access-list name up to 31
characters in length)
2CSPC4.XCT-SWUM2XX1.book Page 276 Monday, October 3, 2011 11:05 AM