250 ACL Commands
Example
The following example configures a MAC ACL to deny traffic from MAC
address 0806.c200.0000.
console(config)#mac access-list extended DELL123
console(config-mac-access-list)#deny 0806.c200.0000
ffff.ffff.ffff any
ip access-group
Use the ip access-group command in Global and Interface Configuration
modes to apply an IP based ACL on an Ethernet interface or a group of
interfaces. An IP based ACL should have been created by the access-list
name
… command with the same name specified in this command.
Use the no ip access-group command to disable an IP based ACL on an
Ethernet interface or a group of interfaces.
Syntax
ip access-group
name
[
direction] [seqnum]
no ip access-group
name
direction seqnum
•
name
— Access list name. (Range: Valid IP access-list name up to 31
characters in length)
•
direction
— Direction of the ACL. (Range:
in
or
out
. Default is
in.
)
•
seqnum
— Precedence for this interface and direction. A lower sequence
number has higher precedence. Range: 1 – 4294967295. Default is
1
.
Default Configuration
This command has no default configuration.
Command Mode
Global Configuration and Interface Configuration (Ethernet, VLAN, or Port
Channel) modes
2CSPC4.XModular-SWUM200.book Page 250 Thursday, March 10, 2011 11:18 AM
