CLI Reference Guide ACL Configuration Commands
View the extended expert ACL.
This command is supported only in 10.4 (3b16), 10.4 (3b17), 10.4 (5b1) and later versions.
Use this command to apply a specific ACL to an interface. The no form of this command cancels the
application.
ip access-group {id | name} {in | out} [unreflect | reflect]
no ip access-group {id | name} {in | out}
id: ID of the IP ACL (1 to 199, 1300 to 2699)
in: Filter the incoming packets of the interface.
out: Filter the outgoing packets of the interface.
unreflect: Disable the Reflexive-ACL. Working principle of the reflexive ACL:
a. The router automatically generates a temporary access list based on the layer-3 and layer-4 information of the original traffic from the intranet. The temporary access list is created according to the following rule: the protocol is unchanged, the source IP and destination IP are strictly exchanged with each other, and the source port and destination port are strictly exchanged with each other.
b. The router permits the returned flow to enter the intranet only when its layer-3 and layer-4 information strictly matches the temporary access list created based on the outbound traffic.
reflect: Enable the Reflexive-ACL.
Default: No ACL is applied on the interface.
Command mode: Interface configuration mode.
Use the ip access-group command to apply the specified ACL to the interface, when the firewall is
enabled.
The following example applies ACL 120 to fastEthernet 0/0 to filter incoming packets:
Ruijie(config)# interface fastEthernet 0/0
Ruijie(config-if)# ip access-group 120 in
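The reflexive ACL working principle described under the unreflect parameter can be modelled in a few lines. This is an added example, not Ruijie code: the Flow, mirror and ReflexiveTable names and all addresses are constructed for illustration, and entry ageing is not modelled because the page does not describe it.

```python
from typing import NamedTuple


class Flow(NamedTuple):
    """Layer-3/layer-4 information of one packet (hypothetical model)."""
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def mirror(f: Flow) -> Flow:
    """Rule a: protocol unchanged, IPs exchanged, ports exchanged."""
    return Flow(f.proto, f.dst_ip, f.dst_port, f.src_ip, f.src_port)


class ReflexiveTable:
    """Temporary access list built from outbound intranet traffic."""

    def __init__(self) -> None:
        self.temp_entries: set[Flow] = set()

    def outbound(self, f: Flow) -> None:
        # Outbound traffic creates the temporary entry for its return flow.
        self.temp_entries.add(mirror(f))

    def inbound(self, f: Flow) -> str:
        # Rule b: permit only on a strict match of every field.
        return "permit" if f in self.temp_entries else "deny"


def demo() -> dict[str, str]:
    table = ReflexiveTable()
    # Constructed sample: intranet host opens a TCP session to port 443.
    table.outbound(Flow("tcp", "192.168.1.10", 51000, "203.0.113.5", 443))
    candidates = {
        "genuine reply": Flow("tcp", "203.0.113.5", 443, "192.168.1.10", 51000),
        "wrong source port": Flow("tcp", "203.0.113.5", 8443, "192.168.1.10", 51000),
        "wrong destination port": Flow("tcp", "203.0.113.5", 443, "192.168.1.10", 51001),
        "wrong protocol": Flow("udp", "203.0.113.5", 443, "192.168.1.10", 51000),
        "different remote host": Flow("tcp", "203.0.113.9", 443, "192.168.1.10", 51000),
        "unsolicited inbound": Flow("tcp", "203.0.113.5", 40000, "192.168.1.10", 22),
    }
    return {name: table.inbound(f) for name, f in candidates.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24} {verdict}")
```

Only the packet whose protocol, addresses and ports all mirror the outbound flow is permitted; every near miss is denied.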