To Next Page

To Previous Page

ip access-group

SecureStack C2 Configuration Guide 18-79

Defaults

Ifinsert,replace,ormovearenotspecified,thenewentrywillbeappendedtotheaccesslist.

Ifsource2isnotspecifiedwithmove,onlyoneentrywillbemoved.

Ifoperatorandportarenotspecified,accessparameterswillbeappliedtoallTCPorUDPports.

Mode

Globalconfiguration:C2(su)‐>router(Config)#

Usage

Accesslistsareappliedtointerfacesbyusingtheipaccess‐groupcommandasdescribedin“ip

access‐group”onpage 18‐74.

Validaccess‐list‐numbersforextendedACLsare100to199.ForstandardACLs,validvaluesare1

to99.

Example

Thisexampleshowshowtodefineaccesslist101todenyICMPtransmissionsfromanysource

andforanydestination:

C2(su)->router(Config)#access-list 101 deny ICMP any any

ip access-group

Usethiscommandtoapplyaccessrestrictionstoinboundframesonaninterfacewhenoperating

inroutermode.Thenoformofthiscommandremovesthespecifiedaccesslist.

Syntax

ip access-group access-list-number in

no ip access-group access-list-number in

Parameters

Defaults

None.

Mode

Interfaceconfiguration:C2(su)‐>router(Config‐if(Vlan<vlan_id>))#

movedestination

source1source2

(Optional)Movesasequenceofaccesslistentriesbeforeanotherentry.

Destinationisthenumberoftheexistingentrybeforewhichthisnewentry

willbemoved.Source1isasingleentrynumberorthefirstentrynumberin

therange

tobemoved.Source2(optional)isthelastentrynumberinthe

rangetobemoved.Ifsource2isnotspecified,onlythesource1entrywillbe

moved.

access‐list‐number Specifiesthenumberoftheaccesslisttobeappliedtotheaccesslist.This

isadecimalnumberfrom1to199.

in Filtersinboundframes.

Enterasys SecureStack C2 User Manual

Questions and Answers: