Defining ACL Binding

When an ACL is bound to an interface, its ACE rules are applied to packets arriving at that interface. Packets that do not match any of the ACEs in the ACL are matched to a default rule, whose action is to drop unmatched packets.

Although each interface can be bound to only one ACL, multiple interfaces can be bound to the same ACL by grouping them into a policy-map, and binding that policy-map to the interface.

After an ACL is bound to an interface, it cannot be edited, modified, or deleted until it is removed from all the ports to which it is bound or in use.

To bind an ACL to an interface:

  1. Click Access Control > ACL Binding. The ACL Binding page opens.
  2. Select an interface type Ports/LAGs (Port or LAG).
  3. Click Go. The list of ports/LAGs is displayed. For each type of interface selected, all interfaces of that type are displayed with a list of their current ACLs:
    • Interface--Identifier of interface.
    • MAC ACL--ACLs of type MAC that are bound to the interface (if any).
    • IPv4 ACL--ACLs of type IPv4 that are bound to the interface (if any).
    • IPv6 ACL--ACLs of type IPv6 that are bound to the interface (if any).

    NOTE     To unbind all ACLs from an interface, select the interface, and click Clear.

  4. Select an interface, and click Edit. The Edit ACL Binding page opens.
  5. Select the Interface to which the ACLs are to be bound.
  6. Select one of the following:
    • Select MAC Based ACL--Select a MAC-based ACL to be bound to the interface.
    • Select IPv4 Based ACL--Select an IPv4-based ACL to be bound to the interface.
    • Select IPv6 Based ACL--Select an IPv6-based ACL to be bound to the interface.
  7. Click Apply. The ACL binding is modified, and the Running Configuration file is updated.
  8. NOTE     If no ACL is selected, the ACL(s) that is previously bound to the interface is unbound.