## Inherited from group l2tr
mtu 1500
## Inherited from group acref
ipv4 access-group adem ingress
## Inherited from group acref
ipv4 access-group adem egress
3
Check that the ACL group configuration actually got configured by using a traffic generator and watching
that denied traffic is dropped.
Local Configuration Takes Precedence: Example
This example illustrates that local configurations take precedence when there is a discrepancy between a local
configuration and the configuration inherited from a configuration group.
1
Configure a local configuration in a configuration submode with an access list:
RP/0/RP0/CPU0:router#
show running interface gigabitEthernet 0/0/0/39
interface GigabitEthernet0/0/0/39
ipv4 access-group smany ingress
ipv4 access-group smany egress
!
RP/0/RP0/CPU0:router#
show running interface gigabitEthernet 0/0/0/38
interface GigabitEthernet0/0/0/38
!
RP/0/RP0/CPU0:router#
show running ipv4 access-list smany
ipv4 access-list smany
10 permit ipv4 any any
!
RP/0/RP0/CPU0:router#
show running ipv4 access-list adem
ipv4 access-list adem
10 permit ipv4 21.0.0.0 0.255.255.255 host 55.55.55.55
20 deny ipv4 any any
!
2
Configure and apply the access list group configuration:
RP/0/RP0/CPU0:router#
show running group acref
group acref
interface 'GigabitEthernet0/0/0/3.*'
ipv4 access-group adem ingress
ipv4 access-group adem egress
!
end-group
RP/0/RP0/CPU0:router#
show running | inc apply-group
Building configuration...
apply-group isis l2tr isis2 mpp bundle1 acref
3
Check the concise and inheritance views for the matching interface where the access list reference is
configured locally:
RP/0/RP0/CPU0:router#
show running interface gigabitEthernet 0/0/0/39
interface GigabitEthernet0/0/0/39
ipv4 access-group smany ingress
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
97
Configuring Flexible Command Line Interface
Local Configuration Takes Precedence: Example