Ip access-group – Brocade Network OS Command Reference v4.1.0 User Manual

Network OS Command Reference

339

53-1003115-01

ip access-group

2

ip access-group

Applies rules specified in a MAC ACL to traffic entering an interface.

Synopsis

ip access-group name {in | out}

no ip access-group name {in | out}

Operands

name

Specifies the name of the standard or extended IP access list.

in | out

Specifies the binding direction (ingress or egress).

Defaults

No access lists are applied to the interface.

Command Modes

Interface subtype configuration mode

Description

Use this command to apply a IP ACL to a Layer 2, Layer 3, or a VE interface. You create the IP ACL
by using the ip access-list global configuration command.

Usage Guidelines

You can assign one IP ACL (standard or extended) to an interface.

When a packet is received on an interface with a IP ACL applied, the switch checks the rules in the
ACL. If any of the rules match, the switch permits or drops the packet, according to the rule. If the
specified ACL does not exist, an error results.

Enter no ip access-group name to remove the IP ACL from the interface.

Examples

To apply an ingress IP ACL named ipacl2 on a specific 10-gigabit Ethernet interface:

switch(config)# interface tengigabitethernet 178/0/9

switch(conf-if-te-178/0/9)# ip access-group ipacl2 in

To remove an ingress IP ACL named ipacl2 from a specific 10-gigabit Ethernet interface:

switch(config)# interface tengigabitethernet 178/0/9

switch(conf-if-te-178/0/9)# no ip access-group ipacl2 in

See Also

interface, interface ve, ip access-list, mac access-list extended, resequence access-list