Cisco NM-8B-U - HW ROUTERS L-M User Manual page 183

16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series
ip access-group
To control access to an interface, use the ip access-group command in interface configuration mode. To
remove an access group from an interface, use the no form of this command.
Syntax Description
access-list-number
name
in
Defaults
No ACL is applied to the interface.
Command Modes
Interface configuration
Command History Release
12.1(6)EA2
12.2(15)ZJ
Usage Guidelines
You can apply IP ACLs only to ingress interfaces.
The ACLs can be standard or extended.
For standard ACLs, after receiving a packet, the switch checks the packet source address. If the source
address matches a defined address in the ACL and the list permits the address, the switch forwards the
packet.
For extended ACLs, after receiving the packet, the switch checks the match conditions in the ACL. If the
conditions are matched, the switch forwards the packet.
If the specified ACL does not exist, the switch forwards all packets.
IP access groups can be separated on Layer 2 and Layer 3 interfaces.
Note For more information about configuring IP ACLs, refer to the "Configuring IP Services" chapter in
the Cisco IOS IP Configuration Guide, Release 12.2.
Examples The following example shows how to apply a numbered ACL to an interface:
Switch(config)# interface fastethernet0/1
Switch(config-if)# ip access-group 101 in
ip access-group {access-list-number | name} in
no ip access-group {access-list-number | name} in
Number of the IP access control list (ACL), from 1 to 199 or from 1300 to 2699.
Name of an IP ACL, specified in the ip access-list command.
Applies the IP ACL to packets entering the interface.
Modification
This command was introduced.
This command was implemented on the following platforms: Cisco 2600
series, Cisco 3600 series, and Cisco 3700 series routers.
Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ
ip access-group
183