2-128
Catalyst 2950 and Catalyst 2955 Switch Command Reference
OL-10102-01
Chapter 2 Catalyst 2950 and 2955 Cisco IOS Commands
ip access-group
ip access-group
Use the ip access-group interface configuration command to control access to an interface. Use the no
form of this command to remove an access group from an interface.
ip access-group {access-list-number | name} in
no ip access-group {access-list-number | name} in
This command is available on physical interfaces only if your switch is running the enhanced software
image (EI).
Syntax Description
Defaults No ACL is applied to the interface.
Command Modes Interface configuration
Command History
Usage Guidelines You can apply IP ACLs only to ingress interfaces. If a MAC access group is already defined for an
interface, you cannot apply this command to the interface.
The ACLs can be standard or extended.
For standard ACLs, after receiving a packet, the switch checks the packet source address. If the source
address matches a defined address in the ACL and the list permits the address, the switch forwards the
packet.
For extended ACLs, after receiving the packet, the switch checks the match conditions in the ACL. If the
conditions are matched, the switch forwards the packet.
If the specified ACL does not exist, the switch forwards all packets.
IP access groups can be separated on Layer 2 and Layer 3 interfaces.
Note For more information about configuring IP ACLs, see the “Configuring Network Security with ACLs”
chapter in the software configuration guide for this release.
access-list-number Number of the IP access control list (ACL). The range is 1 to 199 and 1300 to
2699.
name Name of an IP ACL, specified in the ip access-list command.
Release Modification
12.1(6)EA2 This command was introduced.
To Next Page
Loading...
Need help?
General
