Ip Access-Group - Enterasys SECURESTACK C3 Configuration Manual

ip access-group

If eq port is not specified, TCP/UDP ports are not used for filtering. Only the protocol, source, and
destination are used for applying the rule.
Mode
Global configuration: C3(su)‐>router(Config)#
Usage
Access lists are applied to interfaces by using the ip access‐group command as described in "ip
access‐group" on page 26‐86.
Valid access‐list‐numbers for extended ACLs are 100 to 199. For standard ACLs, valid values are 1
to 99.
All access lists have an implicit "deny any any" statment as their last entry.
Examples
This example shows how to define access list 145 to deny ICMP transmissions from any source
and for any destination:
C3(su)->router(Config)#access-list 145 deny ICMP any any
This example appends to access list 145 a permit statement that allows the host with IP address
88.255.255.254 to do an SSH remote login to any destination on TCP port 22.
C3(su)->router(Config)#access-list 145 permit tcp host 88.255.255.254 any eq 22
This example appends to access list 145 a permit statement that allows SNMP control traffic (from
UDP port 161) to be sent from IP addresses within the range defined by 88.255.128.0 0.0.127.255
to any destination.
C3(su)->router(Config)#access-list 145 permit udp 88.255.128.0 0.0.127.255 eq 161
any
ip access-group
Use this command to apply access restrictions to inbound frames on an interface when operating
in router mode. The no form of this command removes the specified access list.
Syntax
ip access-group access-list-number in
no ip access-group access-list-number in
Parameters
access‐list‐number
in
Defaults
None.
Mode
Interface configuration: C3(su)‐>router(Config‐if(Vlan <vlan_id>))#
26-86 Authentication and Authorization Configuration
Specifies the number of the access list to be applied to the access list. This
is a decimal number from 1 to 199.
Filters inbound frames.