To Next Page

To Previous Page

Configuring Access Lists ip access-group

24-20 Security Configuration

Mode

Routercommand,Globalconfiguration:Matrix>Router(config)#

Usage

Validaccess‐list‐numbersforextendedACLsare100to199.ForstandardACLs,validvaluesare1

to99.

Restrictionsdefinedbyanaccesslistareappliedbyusingtheipaccess‐groupcommandas

describedin“ipaccess‐group”onpage 24‐20.

The“no”formofthiscommand

removesthedefinedaccesslistorentry.

Examples

Thisexampleshowshowtodefineaccesslist101todenyICMPtransmissionsfromanysource

andforanydestination:

Matrix>Router(config)#access-list 101 deny ICMP any any

Thisexampleshowshowtodefineaccesslist102todenyTCPpacketstransmittedfromIPsource

10.1.2.1withaportnumberof42toanydestination.

Matrix>Router(config)#access-list 102 deny TCP host 10.1.2.1 eq 42 any

Thisexampleshowshowtodefineaccesslist101todenyTCPpacketstransmittedfromanyIP

sourceportwiththeprecedencefieldsettoavalueof3andthetosfieldsettoavalueof4.

Matrix>Router(config)#access-list 101 deny tcp any precedence 3 tos 4

Thisexampleshowshowtodefineaccesslist102todenyTCPpacketstransmittedfromanyIP

sourceportwithatheDiffServvaluesetto55.

Matrix>Router(config)#access-list 102 deny tcp any any dscp 55

ip access-group

Usethiscommandtoapplyaccessrestrictionstoinboundoroutboundframesonaninterface

whenoperatinginroutermode.

Syntax

ip access-group access-list-number {in | out}

no ip access-group access-list-number {in | out}

Parameters

Defaults

None.

Mode

Routercommand,Interfaceconfiguration:Matrix>Router(config‐if(Vlan<vlan_id>))#

access‐list‐number Specifiesthenumberoftheaccess listtobeappliedtotheaccesslist.

Thisisadecimalnumberfrom1to199.

in Filtersinboundframes.

out Filtersoutboundframes.

Enterasys Matrix DFE-Gold Series User Manual

Questions and Answers: