Manualshelf

Command Reference Guide

ManualsBrandsHP ManualsMoonshot SystemsHP Moonshot-45G Switch Module
661662663664665666667668669670
IP Access Control List Commands
CLI Command Reference
September 2014 Page 667
HP Moonshot Switch Module CLI Command Reference
ip access-group
This command either attaches a specific IP Access Control List (ACL) identified by accesslistnumber or name to
an interface, range of interfaces, or all interfaces; or associates it with a VLAN ID in a given direction. The
parameter
name is the name of the Access Control List.
An optional sequence number may be specified to indicate the order of this IP access list relative to other IP
access lists already assigned to this interface and direction. A lower number indicates higher precedence order.
If a sequence number is already in use for this interface and direction, the specified access list replaces the
currently attached IP access list using that sequence number. If the sequence number is not specified for this
command, a sequence number that is one greater than the highest sequence number currently in use for this
interface and direction is used.
An optional control-plane is specified to apply the ACL on CPU port. The IPv4 control packets like RADIUS and
TACACS+ are also dropped because of the implicit deny all rule added at the end of the list. To overcome this,
permit rules must be added to allow the IPv4 control packets.
Example: The following shows an example of the command.
(Routing) (Config)#ip access-group ip1 control-plane
Note: The keyword control-plane is only available in Global Config mode.
Default none
Format
ip access-group {accesslistnumber|name} {{control-plane|in|out}|vlan vlan-id
{in|out}} [sequence 1-4294967295]
Modes •Interface Config
Global Config
Parameter Description
accesslistnumber Identifies a specific IP ACL. The range is 1 to 199.
sequence A optional sequence number that indicates the order of this IP access list relative to the
other IP access lists already assigned to this interface and direction. The range is 1 to
4294967295.
vlan-id A VLAN ID associated with a specific IP ACL in a given direction.
name The name of the Access Control List.