Configuring Access Lists
Mode
Router command, Global configuration: Matrix>Router(config)#
Usage
Valid access‐list‐numbers for extended ACLs are 100 to 199. For standard ACLs, valid values are 1
to 99.
Restrictions defined by an access list are applied by using the ip access‐group command as
described in "ip access‐group" on page 24‐20.
The "no" form of this command removes the defined access list or entry.
Examples
This example shows how to define access list 101 to deny ICMP transmissions from any source
and for any destination:
Matrix>Router(config)#access-list 101 deny ICMP any any
This example shows how to define access list 102 to deny TCP packets transmitted from IP source
10.1.2.1 with a port number of 42 to any destination.
Matrix>Router(config)#access-list 102 deny TCP host 10.1.2.1 eq 42 any
This example shows how to define access list 101 to deny TCP packets transmitted from any IP
source port with the precedence field set to a value of 3 and the tos field set to a value of 4.
Matrix>Router(config)#access-list 101 deny tcp any precedence 3 tos 4
This example shows how to define access list 102 to deny TCP packets transmitted from any IP
source port with the DiffServ value set to 55.
Matrix>Router(config)#access-list 102 deny tcp any any dscp 55
ip access-group
Use this command to apply access restrictions to inbound or outbound frames on an interface
when operating in router mode.
Syntax
ip access-group access-list-number {in | out}
no ip access-group access-list-number {in | out}
Parameters
access-list-number    Specifies the number of the access list to be applied to the interface. This is a decimal number from 1 to 199.
in                    Filters inbound frames.
out                   Filters outbound frames.
Defaults
None.
Mode
Router command, Interface configuration: Matrix>Router(config‐if(Vlan <vlan_id>))#
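An access list only restricts traffic once ip access-group binds it to an interface. The following is an added example, not from the Enterasys manual: a Python check over saved configuration lines that reports access lists numbered outside 1 to 199, defined but never applied, or applied but not defined. The sample configuration, the function names, and the choice to skip "no" forms are assumptions of this example.

```python
import re

# Constructed sample configuration (not from the manual). Syntax follows the
# access-list and ip access-group forms shown on this page.
SAMPLE_CONFIG = """\
access-list 101 deny ICMP any any
Matrix>Router(config)#access-list 102 deny TCP host 10.1.2.1 eq 42 any
access-list 250 deny tcp any any dscp 55
ip access-group 101 in
ip access-group 103 out
"""

ACL_DEF = re.compile(r"access-list\s+(\d+)\b", re.I)
ACL_APPLY = re.compile(r"ip\s+access-group\s+(\d+)\s+(in|out)\b", re.I)


def acl_kind(number):
    """Classify an ACL number using the ranges given in the Usage text."""
    if 1 <= number <= 99:
        return "standard"
    if 100 <= number <= 199:
        return "extended"
    return None  # outside 1-199: not a valid access-list-number


def audit(config_text):
    """Return (acl_number, finding) tuples, sorted by ACL number."""
    defined, applied = set(), set()
    for raw in config_text.splitlines():
        line = raw.rsplit("#", 1)[-1].strip()  # drop a leading CLI prompt, if any
        if line.lower().startswith("no "):
            continue  # assumption: removal ("no") forms are not tracked here
        m = ACL_DEF.match(line)
        if m:
            defined.add(int(m.group(1)))
            continue
        m = ACL_APPLY.match(line)
        if m:
            applied.add(int(m.group(1)))
    findings = []
    for n in sorted(defined | applied):
        if acl_kind(n) is None:
            findings.append((n, "number outside 1-199"))
        elif n not in applied:
            findings.append((n, "defined but never applied"))
        elif n not in defined:
            findings.append((n, "applied but not defined"))
    return findings
```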