Specifications

ip access-group

21-74 Security Configuration

ip access-group

Usethiscommandtoapplyaccessrestrictionstoinboundframesonaninterfacewhenoperating

inroutermode.Thenoformofthiscommandremovesthespecifiedaccesslist.

Syntax

ip access-group access-list-number in

no ip access-group access-list-number in

Parameters

Defaults

None.

Mode

Interfaceconfiguration:C3(su)‐>router(Config‐if(Vlan<vlan_id>))#

Usage

ACLsmustbeappliedperroutinginterface.Anentry(rule)canbeappliedtoinboundframes

only.

Example

Thisexampleshowshowtoapplyaccesslist1forallinboundframesontheVLAN1interface.

Throughthedefinitionofaccesslist1,onlyframeswithasourceaddressonthe192.5.34.0/24

networkwillberouted.AlltheframeswithothersourceaddressesreceivedontheVLAN1

interface

aredropped:

C3(su)->router(Config)#access-list 1 permit 192.5.34.0 0.0.0.255

C3(su)->router(Config)#interface vlan 1

C3(su)->router(Config-if(Vlan 1))#ip access-group 1 in

access‐list‐number Specifiesthenumberoftheaccesslisttobeappliedtotheaccesslist.This

isadecimalnumberfrom1to199.

in Filtersinboundframes.