Ip access-group – Brocade Communications Systems Brocate Ethernet Access Switch 6910 User Manual

244

Brocade 6910 Ethernet Access Switch Configuration Guide

53-1002581-01

IPv4 ACLs

11

This allows TCP packets from class C addresses 192.168.1.0 to any destination address when set
for destination TCP port 80 (i.e., HTTP).

Console(config-ext-acl)#permit 192.168.1.0 255.255.255.0 any destination-port 80

Console(config-ext-acl)#

This permits all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to
“SYN.”

Console(config-ext-acl)#permit tcp 192.168.1.0 255.255.255.0 any control-flag 2 2

Console(config-ext-acl)#

Related Commands

access-list ip (240)
Time Range (102)

ip access-group

This command binds an IPv4 ACL to a port. Use the no form to remove the port.

Syntax

ip access-group acl-name {in | out} [time-range time-range-name] [counter]

no ip access-group acl-name {in | out}

acl-name – Name of the ACL. (Maximum length: 16 characters)

in – Indicates that this list applies to ingress packets.

out – Indicates that this list applies to egress packets.

time-range-name - Name of the time range.
(Range: 1-30 characters)

counter – Enables counter for ACL statistics.

Default Setting

None

Command Mode

Interface Configuration (Ethernet)

Command Usage

If an ACL is already bound to a port and you bind a different ACL to it, the switch will replace the old
binding with the new one.

Example

Console(config)#int eth 1/2

Console(config-if)#ip access-group david in

Console(config-if)#

Related Commands

show ip access-list (245)
Time Range (102)