To Next Page

To Previous Page

ip access-group

22-86 Authentication and Authorization Configuration

Ifeqportisnotspecified,TCP/UDPportsarenotusedforfiltering.Onlytheprotocol,source,and

destinationareusedforapplyingtherule.

Mode

Globalconfiguration:B5(su)‐>router(Config)#

Usage

Accesslistsareappliedtointerfacesbyusingtheipaccess‐groupcommandasdescribedin“ip

access‐group”onpage 22‐86.

Validaccess‐list‐numbersforextendedACLsare100to199.ForstandardACLs,validvaluesare1

to99.

Allaccesslistshaveanimplicit“deny

anyany”statmentastheirlastentry.

Examples

Thisexampleshowshowtodefineaccesslist145todenyICMPtransmissionsfromanysource

andforanydestination:

B5(su)->router(Config)#access-list 145 deny ICMP any any

Thisexampleappendstoaccesslist145apermitstatementthatallowsthehostwithIPaddress

88.255.255.254todoanSSHremotelogintoanydestinationonTCPport22.

B5(su)->router(Config)#access-list 145 permit tcp host 88.255.255.254 any eq 22

Thisexampleappendstoaccesslist145apermitstatementthatallowsSNMPcontroltraffic(from

UDPport161)tobesentfromIPaddresseswithintherangedefinedby88.255.128.00.0.127.255

toanydestination.

B5(su)->router(Config)#access-list 145 permit udp 88.255.128.0 0.0.127.255 eq 161

any

ip access-group

Usethiscommandtoapplyaccessrestrictionstoinboundframesonaninterfacewhenoperating

inroutermode.Thenoformofthiscommandremovesthespecifiedaccesslist.

Syntax

ip access-group access-list-number in

no ip access-group access-list-number in

Parameters

Defaults

None.

Mode

Interfaceconfiguration:B5(su)‐>router(Config‐if(Vlan<vlan_id>))#

access‐list‐number Specifiesthenumberoftheaccesslisttobeappliedtotheaccesslist.This

isadecimalnumberfrom1to199.

in Filtersinboundframes.

Enterasys b5 User Manual

Questions and Answers: