Applying an ACL to an interface Which Cisco IOS command correctly applies IPv4 access list 101 inbound on a router interface?

Introduction / Context:Creating an ACL is only half the job; you must apply it to an interface and direction to enforce policy. In classic IPv4 IOS, the command keyword used under an interface is ip access-group. Choosing the right syntax avoids parser errors and ensures the ACL actually filters packets as intended.

Given Data / Assumptions:

• Standard or extended IPv4 ACL number 101 already exists.
• We want to apply it inbound on some interface (for example, G0/0).
• Configuration is done in interface configuration mode.

Concept / Approach:

The correct interface-level command format is: ip access-group . For ACL 101 inbound, it is ip access-group 101 in. Named ACLs use the same command but with the name instead of a number. IPv6 uses a different keyword: ipv6 traffic-filter.

Step-by-Step Solution:

Verification / Alternative check:

Use show run interface to confirm the line ip access-group 101 in appears. Packet counters in show access-lists will increment when matches occur.

Why Other Options Are Wrong:

• ip access-list 101 out: this is the submode to define rules, not to apply an ACL to an interface.
• access-list ip 101 in and access-group ip 101 in: invalid keyword order.
• ip access-apply: not an IOS command.

Common Pitfalls:

• Forgetting to specify direction; without in or out the command is incomplete.
• Applying the ACL to the wrong interface; direction is relative to the interface.

Final Answer:

ip access-group 101 in