EasyManuals Logo

Cisco CATALYST 2960 Command Reference Guide

Cisco CATALYST 2960
800 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #144 background imageLoading...
Page #144 background image
2-118
Catalyst 2960 Switch Command Reference
OL-8604-03
Chapter 2 Catalyst 2960 Switch Cisco IOS Commands
ip access-group
ip access-group
Use the ip access-group interface configuration command to control access to a Layer 2 interface. Use
the no form of this command to remove all access groups or the specified access group from the
interface.
ip access-group {access-list-number | name} {in}
no ip access-group [access-list-number | name] {in}
Syntax Description
Defaults No access list is applied to the interface.
Command Modes Interface configuration
Command History
Usage Guidelines You can apply named or numbered standard or extended IP access lists to an interface. To define an
access list by name, use the ip access-list global configuration command. To define a numbered
access list, use the access list global configuration command. You can used numbered standard access
lists ranging from 1 to 99 and 1300 to 1999 or extended access lists ranging from 100 to 199 and
2000 to 2699.
You can use this command to apply an access list to a Layer 2 interface. However, note these limitations
for port ACLs:
You can only apply ACLs in the inbound direction.
You can only apply one IP ACL and one MAC ACL per interface.
Port ACLs do not support logging; if the log keyword is specified in the IP ACL, it is ignored.
An IP ACL applied to an interface only filters IP packets. To filter non-IP packets, use the mac
access-group interface configuration command with MAC extended ACLs.
For standard inbound access lists, after the switch receives a packet, it checks the source address of the
packet against the access list. IP extended access lists can optionally check other fields in the packet,
such as the destination IP address, protocol type, or port numbers. If the access list permits the packet,
the switch continues to process the packet. If the access list denies the packet, the switch discards the
packet.
If the specified access list does not exist, all packets are passed.
access-list-number The number of the IP access control list (ACL). The range is 1 to 199 or
1300 to 2699.
name The name of an IP ACL, specified in the ip access-list global configuration
command.
in Specify filtering on inbound packets.
Release Modification
12.2(25)FX This command was introduced.

Table of Contents

Other manuals for Cisco CATALYST 2960

Preview: Software Configuration Guide
Software Configuration Guide980 pages
Preview: Command Reference
Command Reference714 pages
Preview: Hardware Installation Guide
Hardware Installation Guide108 pages
Preview: Getting Started Guide
Getting Started Guide24 pages
Preview: Installation
Installation26 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco CATALYST 2960 and is the answer not in the manual?

Cisco CATALYST 2960 Specifications

General IconGeneral
ManageableYes
StackingNo
ModelCatalyst 2960 Series Switches
Power over Ethernet (PoE)Available on some models (IEEE 802.3af)
VLANs255 active VLANs
FeaturesQoS
Operating Temperature32 to 113°F (0 to 45°C)
Relative Humidity10% to 85% non-condensing
Power ConsumptionVaries by model (30W to 400W)

Related product manuals