ip access-group
Mode
Global configuration: G3(su)‐>router(Config)#
Usage
Access lists are applied to interfaces by using the ip access‐group command as described in "ip
access‐group" on page 20‐74.
Valid access‐list‐numbers for extended ACLs are 100 to 199. For standard ACLs, valid values are 1
to 99.
Example
This example shows how to define access list 101 to deny ICMP transmissions from any source
and for any destination:
G3(su)->router(Config)#access-list 101 deny ICMP any any
ip access-group
Use this command to apply access restrictions to inbound frames on an interface when operating
in router mode. The no form of this command removes the specified access list.
Syntax
ip access-group access-list-number in
no ip access-group access-list-number in
Parameters
access‐list‐number
in
Defaults
None.
Mode
Interface configuration: G3(su)‐>router(Config‐if(Vlan <vlan_id>))#
Usage
ACLs must be applied per routing interface. An entry (rule) can be applied to inbound frames
only.
Example
This example shows how to apply access list 1 for all inbound frames on the VLAN 1 interface.
Through the definition of access list 1, only frames with a source address on the 192.5.34.0/24
network will be routed. All the frames with other source addresses received on the VLAN 1
interface are dropped:
G3(su)->router(Config)#access-list 1 permit 192.5.34.0 0.0.0.255
G3(su)->router(Config)#interface vlan 1
G3(su)->router(Config-if(Vlan 1))#ip access-group 1 in
20-74 Security Configuration
Specifies the number of the access list to be applied to the access list. This
is a decimal number from 1 to 199.
Filters inbound frames.