4 ip access-group, Ip access-group -96, Section 14.3.7.4 – Enterasys Networks 1G58x-09 User Manual

Security Configuration Command Set

Configuring Access Lists

14-96

Matrix E1 Series (1G58x-09 and 1H582-xx) Configuration Guide

Examples

This example shows how to define access list 101 to deny ICMP transmissions from any source and
for any destination:

This example shows how to define access list 102 to deny TCP packets transmitted from IP source
10.1.2.1 with a port number of 42 to any destination:

14.3.7.4 ip access-group

Use this command to apply access restrictions on an interface when operating in router mode.

ip access-group access-list-number {in | out}

Syntax Description

Command Syntax of the “no” Form

The “no” form of this command removes the specified access list:

no ip access-group access-list-number {in | out}

Command Type

Router command.

Command Mode

Interface configuration: Matrix>Router(config-if(Vlan <vlan_id>))#

Matrix>Router(config)#access-list 101 deny ICMP any any

Matrix>Router(config)#access-list 102 deny TCP host 10.1.2.1 eq 42 any

ROUTER: This command can be executed when the device is in router mode only.
For details on how to enable router configuration modes, refer to

Section 3.3.3

.

access-list-number

Specifies the number of the access list to be applied to the
access list. This is a decimal number from 1 to 199.

in

Filters inbound packets.

out

Filters outbound packets.