Ip Access-Group - Cisco Catalyst 2950 Command Reference Manual

Chapter 2 Cisco IOS Commands

ip access-group

Use the ip access-group interface configuration command to control access to an interface. Use the no
form of this command to remove an access group from an interface.
This command is available on physical interfaces only if your switch is running the enhanced software
image (EI).
Syntax Description
access-list-number
name
Defaults
No ACL is applied to the interface.
Command Modes Interface configuration
Command History Release
12.1(6)EA2
Usage Guidelines You can apply IP ACLs only to ingress interfaces. If a MAC access group is already defined for an
interface, you cannot apply this command to the interface.
The ACLs can be standard or extended.
For standard ACLs, after receiving a packet, the switch checks the packet source address. If the source
address matches a defined address in the ACL and the list permits the address, the switch forwards the
packet.
For extended ACLs, after receiving the packet, the switch checks the match conditions in the ACL. If the
conditions are matched, the switch forwards the packet.
If the specified ACL does not exist, the switch forwards all packets.
IP access groups can be separated on Layer 2 and Layer 3 interfaces.
Note For more information about configuring IP ACLs, refer to the "Configuring Network Security with
ACLs" chapter in the Catalyst 2950 Desktop Switch Software Configuration Guide for this release.
78-11381-05
ip access-group {access-list-number | name} in
no ip access-group {access-list-number | name} in
Number of the IP access control list (ACL), from 1 to 199 or from 1300 to 2699.
Name of an IP ACL, specified in the ip access-list command.
Modification
This command was first introduced.
Catalyst 2950 Desktop Switch Command Reference
ip access-group
2-69