10-82
IPv4 Access Control Lists (ACLs)
Adding or Removing an ACL Assignment On an Interface
Figure 10-20. Methods for Enabling and Disabling RACLs

Enables an RACL from the Global Configuration Level:
HP Switch(config)# vlan 20 ip access-group My-List in

Enables an RACL from a VLAN Context:
HP Switch(config)# vlan 20
HP Switch(vlan-20)# ip access-group 155 out
HP Switch(vlan-20)# exit

Disables an RACL from the Global Configuration Level:
HP Switch(config)# no vlan 20 ip access-group My-List in

Disabling an RACL from a VLAN Context:
HP Switch(config)# vlan 20
HP Switch(vlan-20)# no ip access-group 155 out
HP Switch(vlan-20)# exit

Filtering IPv4 Traffic Inbound on a VLAN
For a given VLAN interface, you can assign an ACL as a VACL to filter any IPv4
traffic entering the switch on that VLAN. You can also use the same ACL for
assignment to multiple VLANs. For limits and operating rules, refer to “IPv4
ACL Configuration and Operating Rules” on page 10-32.
Syntax: [no] vlan < vid > ip access-group < identifier > vlan
where: < identifier > = either an ACL name or an ACL ID number.
Assigns an ACL as a VACL to a VLAN to filter any IPv4
traffic entering the switch on that VLAN. You can use either
the global configuration level or the VLAN context level to
assign or remove a VACL.
Note: The switch allows you to assign a nonexistent ACL
name or number to a VLAN. In this case, if you subsequently
configure an ACL with that name or number, it
automatically becomes active on the assigned VLAN. Also,
if you delete an assigned ACL from the switch without
subsequently using the “no” form of this command to
remove the assignment to a VLAN, the ACL assignment
remains and will automatically activate any new ACL you
create with the same identifier (name or number).
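
The following audit is an added example, not part of the HP manual: it scans a saved configuration for ACL assignments whose identifier has no matching ACL definition, which is the dormant state the Note describes. The ACL definition lines ("ip access-list ..." and "access-list <num> ...") and the quoting of names are an assumed configuration format not shown on this page, and the sample configuration is constructed.

```python
import re

# Constructed sample configuration (not from the manual).
# Assumption: ACLs are defined by "ip access-list standard|extended <name>"
# or "access-list <num> ..." lines; names may appear in double quotes.
SAMPLE_CONFIG = '''\
ip access-list extended "My-List"
   10 permit ip 10.0.20.0 0.0.0.255 0.0.0.0 255.255.255.255
   exit
access-list 155 deny ip 0.0.0.0 255.255.255.255 10.0.99.0 0.0.0.255
vlan 20
   ip access-group "My-List" vlan
   ip access-group 155 out
   exit
vlan 30
   ip access-group "Old-List" vlan
   exit
vlan 40 ip access-group 160 in
'''

DEFINE = re.compile(
    r'^(?:ip access-list (?:standard|extended)|access-list)\s+"?([\w.-]+)"?')
ASSIGN = re.compile(
    r'^(?:vlan (\d+) )?ip access-group\s+"?([\w.-]+)"?\s+(in|out|vlan)\b')
VLAN_CONTEXT = re.compile(r'^vlan (\d+)$')


def find_dangling_assignments(config_text):
    """Return (vid, identifier, direction) for assignments with no ACL defined.

    Handles both forms shown on the page: the one-line global form
    ("vlan 20 ip access-group ...") and the VLAN context form.
    Identifiers are compared exactly as written.
    """
    defined, assigned, current_vid = set(), [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := VLAN_CONTEXT.match(line):
            current_vid = int(m.group(1))      # entering a VLAN context
        elif line == "exit":
            current_vid = None                 # leaving any context
        elif m := DEFINE.match(line):
            defined.add(m.group(1))
        elif m := ASSIGN.match(line):
            vid = int(m.group(1)) if m.group(1) else current_vid
            assigned.append((vid, m.group(2), m.group(3)))
    # Definitions may appear after assignments, so compare only at the end.
    return [a for a in assigned if a[1] not in defined]
```

Each tuple returned is an assignment that will start filtering as soon as someone creates an ACL with that identifier, so either define the intended ACL or remove the assignment with the "no" form of the command.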