ip access-group 101 out not possible

petercinvest · ‎12-09-2015

in my access switch, i try below scripts:, interface g0/1 is connect to distribution switch through trunk

int g0/1

ip access-group 101 out

access-list 100 deny ip any host (google ip address)

but it says only i can type ip access-group 101 in, if i type ip access-group 101 ? it shows only in parameter, not out.

how to fix the issue? thanks

InayathUlla Sharieff · ‎12-10-2015

Hi,

It looks you are using wrong access list number.

your acl says number as 100 and you are defining access-group as 101.

What is the switch model and ios?

HTH

petercinvest · ‎12-10-2015

sorry, access-list 101 deny ip any host (google ip address)

switch model: 2960-CX-8 port POE

Andre Neethling · ‎12-10-2015

A port ACL (on a switchport) can only be applied in the inbound direction on a switchport. It is different from a router ACL which can be applied inbound or outbound.

And with a Routed port ACL you can only apply ONE ACL per Direction per port. So if you already have an outbound ACL then you cannot add another outbound ACl, only inbound