Applying an ACL to an interface Which Cisco IOS command correctly applies IPv4 access list 101 inbound on a router interface?
-
Aip access-list 101 out
-
Baccess-list ip 101 in
-
Cip access-group 101 in
-
Daccess-group ip 101 in
-
Eip access-apply 101 in
Answer
Correct Answer: ip access-group 101 in
Explanation
Introduction / Context:Creating an ACL is only half the job; you must apply it to an interface and direction to enforce policy. In classic IPv4 IOS, the command keyword used under an interface is ip access-group. Choosing the right syntax avoids parser errors and ensures the ACL actually filters packets as intended.
Given Data / Assumptions:
- Standard or extended IPv4 ACL number 101 already exists.
- We want to apply it inbound on some interface (for example, G0/0).
- Configuration is done in interface configuration mode.
Concept / Approach:
The correct interface-level command format is: ip access-group
Step-by-Step Solution:
Enter interface configuration mode: interface G0/0.Apply the ACL: ip access-group 101 in.Verify with: show ip interface G0/0.Confirm counters increase with: show access-lists 101 during traffic tests.Verification / Alternative check:
Use show run interface
Why Other Options Are Wrong:
- ip access-list 101 out: this is the submode to define rules, not to apply an ACL to an interface.
- access-list ip 101 in and access-group ip 101 in: invalid keyword order.
- ip access-apply: not an IOS command.
Common Pitfalls:
- Forgetting to specify direction; without in or out the command is incomplete.
- Applying the ACL to the wrong interface; direction is relative to the interface.
Final Answer:
ip access-group 101 in