Ip access-group, Ip access-group -9 – Avaya Cajun P550R User Manual

Command Reference Guide for the Avaya P550R, P580, P880, and P882 Multiservice Switches, v5.3.1

20-9

Policy

ip access-group

Command Mode

Global Configuration

Description

Enables an access control list (ACL) and optionally sets the default
action to deny.

The default-action-deny option is a global setting and is not
available in the Web Agent. If you use the CLI to enable the
default-action-deny option and then use the Web Agent to enable
a different ACL, the default-action-deny option remains enabled.
When this option is enabled, the switch blocks all traffic that does
not match an access rule in the enabled ACL.

CAUTION

Do not use the Web Agent to enable a different ACL if the
default-action-deny option is enabled. Because the option
remains enabled, you can unexpectedly lose connectivity to
the switch.

To ensure that you never inadvertently lose all connectivity to the
switch, you can add an access rule that always permits a specific
connection. You must add the rule to all ACLs on the switch,
though, so that regardless of the ACL that is enabled, the default-
action-deny option does not block the connection.

For example, to ensure that you can always connect to the switch
from a PC that has an IP address of 192.168.10.10, add the following
access rule to all ACLs on the switch: ip access-list name> permit 192.168.10.10 0.0.0.0.

The no form of this command disables the access control list. The
default action is by default set to permit.

Syntax

To Enable:

ip access-group [default-action-deny]

To Disable:

[no] ip access-group