Specifications
Configuring Access Lists ip access-group
24-20 Security Configuration
Mode
Routercommand,Globalconfiguration:Matrix>Router(config)#
Usage
Validaccess‐list‐numbersforextendedACLsare100to199.ForstandardACLs,validvaluesare1
to99.
Restrictionsdefinedbyanaccesslistareappliedbyusingtheipaccess‐groupcommandas
describedin“ipaccess‐group”onpage 24‐20.
The“no”formofthiscommand
removesthedefinedaccesslistorentry.
Examples
Thisexampleshowshowtodefineaccesslist101todenyICMPtransmissionsfromanysource
andforanydestination:
Matrix>Router(config)#access-list 101 deny ICMP any any
Thisexampleshowshowtodefineaccesslist102todenyTCPpacketstransmittedfromIPsource
10.1.2.1withaportnumberof42toanydestination.
Matrix>Router(config)#access-list 102 deny TCP host 10.1.2.1 eq 42 any
Thisexampleshowshowtodefineaccesslist101todenyTCPpacketstransmittedfromanyIP
sourceportwiththeprecedencefieldsettoavalueof3andthetosfieldsettoavalueof4.
Matrix>Router(config)#access-list 101 deny tcp any precedence 3 tos 4
Thisexampleshowshowtodefineaccesslist102todenyTCPpacketstransmittedfromanyIP
sourceportwithatheDiffServvaluesetto55.
Matrix>Router(config)#access-list 102 deny tcp any any dscp 55
ip access-group
Usethiscommandtoapplyaccessrestrictionstoinboundoroutboundframesonaninterface
whenoperatinginroutermode.
Syntax
ip access-group access-list-number {in | out}
no ip access-group access-list-number {in | out}
Parameters
Defaults
None.
Mode
Routercommand,Interfaceconfiguration:Matrix>Router(config‐if(Vlan<vlan_id>))#
access‐list‐number Specifiesthenumberoftheaccess listtobeappliedtotheaccesslist.
Thisisadecimalnumberfrom1to199.
in Filtersinboundframes.
out Filtersoutboundframes.