Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ACL question - both in and out access-group on same interface

I have a question about applying multiple access-group commands to the same interface.

Way back in the acient past you could only apply one access-group command to an interface (either in or out but not both). Is this still true?

If you can apply both In and Out access-group commands to an interface is there any caveats to do so (other than mis-configuraing the ACL)?

I am running IOS on 12.2.18 on a 6504 witha Sup720-3B sup module.

2 ACCEPTED SOLUTIONS

Accepted Solutions
Bronze

Re: ACL question - both in and out access-group on same interfac

You can apply one access list in each direction to each interface in an IOS router. Not 100% sure if that applies to SVIs and routed ports in the 6509 Sup, but I don't see why not.

I'm not aware of any caveats. This has been the behaviour as long as I remember.

Regards,

Ryan

Hall of Fame Super Gold

Re: ACL question - both in and out access-group on same interfac

Mike

I have worked with IOS going back as far as 9.14 it has not been the case that you could apply only one access-group to an interface (either in or out but not both). It has always been possible to have one in and one out on the same interface. The caveats of having 2 access-groups on an interface are the same as the caveats of having 1 access-group.

HTH

Rick

3 REPLIES
Bronze

Re: ACL question - both in and out access-group on same interfac

You can apply one access list in each direction to each interface in an IOS router. Not 100% sure if that applies to SVIs and routed ports in the 6509 Sup, but I don't see why not.

I'm not aware of any caveats. This has been the behaviour as long as I remember.

Regards,

Ryan

Hall of Fame Super Gold

Re: ACL question - both in and out access-group on same interfac

Mike

I have worked with IOS going back as far as 9.14 it has not been the case that you could apply only one access-group to an interface (either in or out but not both). It has always been possible to have one in and one out on the same interface. The caveats of having 2 access-groups on an interface are the same as the caveats of having 1 access-group.

HTH

Rick

Community Member

Re: ACL question - both in and out access-group on same interfac

Thanks for the quick response. It wasn't quite the 9.14 days (only 9.21 I think) since I wanted to apply multiple access-group commands, and I was probably trying to apply 2 In commands on the same interface.

390
Views
0
Helpful
3
Replies
CreatePlease to create content