Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2277
Views
0
Helpful
3
Replies

ACL question - both in and out access-group on same interface

Go to solution
mike.rootvik
Level 1
Level 1

‎08-13-2008 10:46 AM - edited ‎03-06-2019 12:46 AM

I have a question about applying multiple access-group commands to the same interface.

Way back in the acient past you could only apply one access-group command to an interface (either in or out but not both). Is this still true?

If you can apply both In and Out access-group commands to an interface is there any caveats to do so (other than mis-configuraing the ACL)?

I am running IOS on 12.2.18 on a 6504 witha Sup720-3B sup module.

1 person had this problem
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
4rmorris
Level 1
Level 1

‎08-13-2008 11:30 AM

You can apply one access list in each direction to each interface in an IOS router. Not 100% sure if that applies to SVIs and routed ports in the 6509 Sup, but I don't see why not.

I'm not aware of any caveats. This has been the behaviour as long as I remember.

Regards,

Ryan

View solution in original post

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to 4rmorris

‎08-13-2008 11:36 AM

Mike

I have worked with IOS going back as far as 9.14 it has not been the case that you could apply only one access-group to an interface (either in or out but not both). It has always been possible to have one in and one out on the same interface. The caveats of having 2 access-groups on an interface are the same as the caveats of having 1 access-group.

HTH

Rick

HTH

Rick

View solution in original post

0 Helpful
3 Replies 3

Go to solution
4rmorris
Level 1
Level 1

‎08-13-2008 11:30 AM

You can apply one access list in each direction to each interface in an IOS router. Not 100% sure if that applies to SVIs and routed ports in the 6509 Sup, but I don't see why not.

I'm not aware of any caveats. This has been the behaviour as long as I remember.

Regards,

Ryan

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to 4rmorris

‎08-13-2008 11:36 AM

Mike

I have worked with IOS going back as far as 9.14 it has not been the case that you could apply only one access-group to an interface (either in or out but not both). It has always been possible to have one in and one out on the same interface. The caveats of having 2 access-groups on an interface are the same as the caveats of having 1 access-group.

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
mike.rootvik
Level 1
Level 1

‎08-13-2008 12:02 PM

Thanks for the quick response. It wasn't quite the 9.14 days (only 9.21 I think) since I wanted to apply multiple access-group commands, and I was probably trying to apply 2 In commands on the same interface.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card