
Ip access-group – Brocade 6910 Ethernet Access Switch Configuration Guide (Supporting R2.2.0.0) User Manual


Brocade 6910 Ethernet Access Switch Configuration Guide

53-1002651-02

11

IPv4 ACLs

This allows TCP packets from the class C network 192.168.1.0 to any destination address when the
destination TCP port is 80 (i.e., HTTP).

Console(config-ext-acl)#permit 192.168.1.0 255.255.255.0 any destination-port 80

Console(config-ext-acl)#

This permits all TCP packets from the class C network 192.168.1.0 that have the TCP control code set to
“SYN.”

Console(config-ext-acl)#permit tcp 192.168.1.0 255.255.255.0 any control-flag 2 2

Console(config-ext-acl)#
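
How the address bitmask and the "control-flag 2 2" pair in the rule above select packets, as an added example that is not part of the Brocade manual. It assumes the second control-flag number is a bitmask choosing which TCP flag bits are compared with the first; the function names, the sample packets and the stricter "2 18" pair are constructed for illustration.

```python
import ipaddress

# TCP flag bit values as carried in the TCP header flags field.
FIN, SYN, RST, PSH, ACK, URG = 1, 2, 4, 8, 16, 32

def addr_matches(packet_ip, rule_addr, rule_mask):
    """Mask bits set to 1 must match; 0 bits are ignored (255.255.255.0 style)."""
    ip = int(ipaddress.IPv4Address(packet_ip))
    addr = int(ipaddress.IPv4Address(rule_addr))
    mask = int(ipaddress.IPv4Address(rule_mask))
    return (ip & mask) == (addr & mask)

def flags_match(packet_flags, code, bitmask):
    """Assumed semantics of 'control-flag <code> <bitmask>': compare masked bits only."""
    return (packet_flags & bitmask) == (code & bitmask)

def rule_matches(src_ip, tcp_flags, rule):
    return (addr_matches(src_ip, rule["src"], rule["mask"])
            and flags_match(tcp_flags, rule["code"], rule["bitmask"]))

# The rule from the manual: permit tcp 192.168.1.0 255.255.255.0 any control-flag 2 2
SYN_RULE = {"src": "192.168.1.0", "mask": "255.255.255.0", "code": 2, "bitmask": 2}

# Constructed variant: also compare the ACK bit (mask 18 = SYN|ACK) and require it clear.
SYN_ONLY_RULE = {"src": "192.168.1.0", "mask": "255.255.255.0", "code": 2, "bitmask": 18}

# Constructed sample packets: (source IP, TCP flags)
SAMPLES = [
    ("192.168.1.10", SYN),        # connection request from the permitted network
    ("192.168.1.10", SYN | ACK),  # handshake reply, SYN bit is also set
    ("192.168.1.10", ACK),        # established-session traffic
    ("192.168.2.10", SYN),        # SYN from outside 192.168.1.0/24
]

def evaluate(rule=SYN_RULE, samples=SAMPLES):
    """Return one match/no-match result per sample packet."""
    return [rule_matches(ip, flags, rule) for ip, flags in samples]

if __name__ == "__main__":
    for name, rule in (("2 2", SYN_RULE), ("2 18", SYN_ONLY_RULE)):
        print(f"control-flag {name}")
        for (ip, flags), hit in zip(SAMPLES, evaluate(rule)):
            print(f"  {ip:15} flags={flags:#04x} -> {'match' if hit else 'no match'}")
```

Under this reading, "control-flag 2 2" also matches SYN+ACK segments because only the SYN bit is examined; widening the bitmask is what restricts the match to initial connection requests.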

Related Commands

“access-list ip” on page 234

“Time Range” on page 101

ip access-group

This command binds an IPv4 ACL to a port. Use the no form to remove the ACL binding from the port.

Syntax

ip access-group acl-name {in | out} [time-range time-range-name] [counter]

no ip access-group acl-name {in | out}

acl-name – Name of the ACL. (Maximum length: 16 characters)

in – Indicates that this list applies to ingress packets.

out – Indicates that this list applies to egress packets.

time-range-name – Name of the time range. (Range: 1-30 characters)

counter – Enables counter for ACL statistics.

Default Setting
None

Command Mode
Interface Configuration (Ethernet)

Command Usage
If an ACL is already bound to a port and you bind a different ACL to it, the switch will replace the old
binding with the new one.

Example

Console(config)#int eth 1/2

Console(config-if)#ip access-group david in

Console(config-if)#

Related Commands

“show ip access-list” on page 239

“Time Range” on page 101