Ip Access-Group - Cisco Catalyst 2950 Command Reference Manual

ip access-group

ip access-group
Use the ip access-group interface configuration command to control access to an interface. Use the no
form of this command to remove an access group from an interface.
This command is available on physical interfaces only if your switch is running the enhanced software
image (EI).
Syntax Description
access-list-number
name
Defaults No ACL is applied to the interface.
Command Modes Interface configuration
Command History Release
12.1(6)EA2
Usage Guidelines You can apply IP ACLs only to ingress interfaces. If a MAC access group is already defined for an
interface, you cannot apply this command to the interface.
The ACLs can be standard or extended.
For standard ACLs, after receiving a packet, the switch checks the packet source address. If the source
address matches a defined address in the ACL and the list permits the address, the switch forwards the
packet.
For extended ACLs, after receiving the packet, the switch checks the match conditions in the ACL. If the
conditions are matched, the switch forwards the packet.
If the specified ACL does not exist, the switch forwards all packets.
IP access groups can be separated on Layer 2 and Layer 3 interfaces.
For more information about configuring IP ACLs, see the "Configuring Network Security with ACLs"
Note
chapter in the software configuration guide for this release.
Catalyst 2950 and Catalyst 2955 Switch Command Reference
2-128
ip access-group {access-list-number | name} in
no ip access-group {access-list-number | name} in
Number of the IP access control list (ACL). The range is 1 to 199 and 1300 to
2699.
Name of an IP ACL, specified in the ip access-list command.
Modification
This command was introduced.
Chapter 2 Catalyst 2950 and 2955 Cisco IOS Commands
OL-10102-01