2-98
Cisco ME 3800X and ME 3600X Switch Command Reference
OL-28238-01
Chapter 2 Cisco ME 3800X and ME 3600X Switch Cisco IOS Commands
ip access-group
the switch continues to process the packet. If the access list denies the packet, the switch discards the
packet. If the access list has been applied to a Layer 3 interface, discarding a packet (by default) causes
the generation of an Internet Control Message Protocol (ICMP) Host Unreachable message. ICMP Host
Unreachable messages are not generated for packets discarded on a Layer 2 interface.
For standard outbound access lists, after receiving a packet and sending it to a controlled interface, the
switch checks the packet against the access list. If the access list permits the packet, the switch sends the
packet. If the access list denies the packet, the switch discards the packet and, by default, generates an
ICMP Host Unreachable message.
If the specified access list does not exist, all packets are passed.
You can verify your settings by entering the show ip interface, show access-lists, or show ip
access-lists privileged EXEC command.
Examples This example shows how to apply IP access list 101 to inbound packets on a port:
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# ip access-group 101 in
Related Commands Command Description
access list Configures a numbered ACL.
ip access-list Configures a named ACL.
show access-lists Displays ACLs configured on the switch.
show ip access-lists Displays IP ACLs configured on the switch.
show ip interface Displays information about interface status and configuration.
To Next Page
Loading...
Need help?
General