
Ip access-group – LevelOne GTL-2691 User Manual

Page 978


Chapter 30 | Access Control Lists
IPv4 ACLs

EXAMPLE

This example accepts any incoming packet whose source address is within subnet 10.7.1.x. The rule is matched when the masked rule address (10.7.1.0 & 255.255.255.0) equals the masked source address (10.7.1.2 & 255.255.255.0); in that case the packet passes through.

Console(config-ext-acl)#permit 10.7.1.1 255.255.255.0 any

Console(config-ext-acl)#

This allows TCP packets from class C addresses 192.168.1.0 to any destination address when set for destination TCP port 80 (i.e., HTTP).

Console(config-ext-acl)#permit 192.168.1.0 255.255.255.0 any destination-port 80

Console(config-ext-acl)#

This permits all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.”

Console(config-ext-acl)#permit tcp 192.168.1.0 255.255.255.0 any control-flag 2 2

Console(config-ext-acl)#
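The mask comparison behind the three rules above, as an added Python example (not part of the LevelOne manual). The dict layout and function names are hypothetical, the packets are constructed, and the code assumes the second control-flag number is a bitmask applied to the TCP flag bits in the same way the address bitmask is applied to the source address.

```python
import ipaddress

SYN, ACK = 0x02, 0x10  # TCP flag bit values


def masked_equal(rule_addr, bitmask, pkt_addr):
    """True when (rule_addr & bitmask) == (pkt_addr & bitmask)."""
    mask = int(ipaddress.IPv4Address(bitmask))
    rule = int(ipaddress.IPv4Address(rule_addr)) & mask
    return rule == int(ipaddress.IPv4Address(pkt_addr)) & mask


def flags_match(pkt_flags, value, bitmask):
    """Assumed 'control-flag <value> <bitmask>' semantics: compare masked bits only."""
    return (pkt_flags & bitmask) == (value & bitmask)


def rule_permits(rule, pkt):
    """Evaluate one permit rule (hypothetical dict layout) against one packet."""
    if not masked_equal(rule["src"], rule["mask"], pkt["src"]):
        return False
    if "proto" in rule and rule["proto"] != pkt.get("proto"):
        return False
    if "dport" in rule and rule["dport"] != pkt.get("dport"):
        return False
    if "flag" in rule and not flags_match(pkt.get("flags", 0), *rule["flag"]):
        return False
    return True


# The three rules from the page; "proto" on RULE_HTTP follows the page's prose.
RULE_SUBNET = {"src": "10.7.1.1", "mask": "255.255.255.0"}
RULE_HTTP = {"src": "192.168.1.0", "mask": "255.255.255.0",
             "proto": "tcp", "dport": 80}
RULE_SYN = {"src": "192.168.1.0", "mask": "255.255.255.0",
            "proto": "tcp", "flag": (2, 2)}

# Constructed sample packets.
PACKETS = [
    {"src": "10.7.1.2", "proto": "udp", "dport": 53},
    {"src": "192.168.1.9", "proto": "tcp", "dport": 80, "flags": SYN},
    {"src": "192.168.1.9", "proto": "tcp", "dport": 443, "flags": SYN | ACK},
    {"src": "192.168.2.9", "proto": "tcp", "dport": 80, "flags": SYN},
]

if __name__ == "__main__":
    for pkt in PACKETS:
        hits = [name for name, rule in (("subnet", RULE_SUBNET),
                ("http", RULE_HTTP), ("syn", RULE_SYN)) if rule_permits(rule, pkt)]
        print(pkt["src"], pkt.get("dport"), hits or "no match")
```

Under that assumption, control-flag 2 2 compares only the SYN bit, so a SYN+ACK segment matches the rule as well as an initial SYN.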

RELATED COMMANDS

access-list ip (974)

Time Range (817)

ip access-group

This command binds an IPv4 ACL to a port. Use the no form to remove the ACL binding from the port.

SYNTAX

ip access-group acl-name in [time-range time-range-name]
no ip access-group acl-name in

acl-name – Name of the ACL. (Maximum length: 16 characters)
in – Indicates that this list applies to ingress packets.
time-range-name – Name of the time range. (Range: 1-30 characters)

DEFAULT SETTING

None

COMMAND MODE

Interface Configuration (Ethernet)