Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1916
Views
0
Helpful
3
Replies

ip access-group 101 out not possible

petercinvest
Level 1
Level 1

‎12-09-2015 11:26 PM - edited ‎03-08-2019 03:03 AM

in my access switch, i try below scripts:, interface g0/1 is connect to distribution switch through trunk

int g0/1

ip access-group 101 out 

access-list 100 deny   ip any host (google ip address)

but it says only i can type ip access-group 101 in, if i type ip access-group 101 ? it shows only in parameter, not out.

how to fix the issue? thanks

Labels:
0 Helpful
3 Replies 3

InayathUlla Sharieff
Cisco Employee
Cisco Employee

‎12-10-2015 12:16 AM

Hi,

It looks you are using wrong access list number.

your acl says number as 100 and you are defining access-group as 101.

What is the switch model and ios?

HTH

0 Helpful

petercinvest
Level 1
Level 1
In response to InayathUlla Sharieff

‎12-10-2015 01:53 AM

sorry, access-list 101 deny   ip any host (google ip address)

switch model: 2960-CX-8 port POE

0 Helpful

Andre Neethling
Level 4
Level 4
In response to petercinvest

‎12-10-2015 03:35 AM

A port ACL (on a switchport) can only be applied in the inbound direction on a switchport. It is different from a router ACL which can be applied inbound or outbound.

And with a Routed port ACL you can only apply ONE ACL per Direction  per port. So if you already have an outbound ACL then you cannot add another outbound ACl, only inbound

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card