ethernet-services access-group
To control access to an interface, use the ethernet-service access-group command in interface configuration mode.
ethernet-services access-group access-list-name ingress
Syntax Description
access-list-name |
Name of an Ethernet services access list as specified by the ethernet-service access-list command. |
ingress |
Filters on inbound packets. |
Command Default
The interface does not have an Ethernet services access list applied to it.
Command Modes
Interface configuration
Command History
Release |
Modification |
---|---|
Release 7.5.3 |
This command was introduced. |
Usage Guidelines
The ethernet-services access-group command to control access to an interface. To remove the specified access group, use the no form of the command. Use the access-list-name argument to specify a particular Ethernet services access list. Use the ingress keyword to filter on inbound packets.
If the list permits the addresses, the software continues to process the packet. If the access list denies the address, the software discards the packet.
If the specified access list does not exist, all packets are passed.
By default, the unique or per-interface ACL statistics are disabled.
Task ID
Task ID |
Operations |
---|---|
acl |
read, write |
Examples
The following example shows how to apply filters on inbound packets from an interface.
Router# configure
Router(config)# interface HundredGigE 0/0/0/24
Router(config-if)# l2transport
Router(config-if)# ethernet-services access-group es_acl_1 ingress
Router(config-if)# commit