Solved: difference between access-group & access-class

athambi · ‎06-20-2006

what is the difference between access group and access class commands.Which one is better and under what conditions are each used

leonvd79 · ‎06-20-2006

Hello athambi,

access-group [in|out] is used to tie an access-list to an interface.

access-class [in|out] is used to tie an access-list to vty lines.

So in case you want to prevent incoming network traffic on port 80 through Ethernet 0/0 you use

int E0/0

ip access-group 123 in

In case you want to allow only your PC from accessing the VTY via telnet/SSH use

line vty 0 4

ip access-class 1 in

HTH

--Leon

* Please rate posts.

leonvd79 · ‎06-20-2006

Hello athambi,

access-group [in|out] is used to tie an access-list to an interface.

access-class [in|out] is used to tie an access-list to vty lines.

So in case you want to prevent incoming network traffic on port 80 through Ethernet 0/0 you use

int E0/0

ip access-group 123 in

In case you want to allow only your PC from accessing the VTY via telnet/SSH use

line vty 0 4

ip access-class 1 in

HTH

--Leon

* Please rate posts.

mahmoodmkl · ‎06-20-2006

Hi

Access-group is used to bind a access-list with a particular interface.

access-class is used to bind a access-list to VTY lines.

in order to restrict access through telnet.

Thanks

Mahmood