access-group in

jackie_gx
Level 1

When I apply "access-group in" at an interface with some ACL:

Will the ACL match the routes learned from that interface, or will it match the packets that go in that interface?

2 Accepted Solutions


manish arora
Level 6

Hi Jackie,

Not quite sure if I understood the question properly, but access lists are applied to the interface using access-group commands; an access list can filter traffic based on source/dst IP and/or TCP/UDP ports. So, if you want to filter a route that is being learned using any routing protocol, you will have to use a distribute list or prefix list, etc.

Here's a little howto on filtering routes:

http://www.petri.co.il/how-to-use-a-distribute-list-to-filter-out-routing-updates-in-cisco-ios.htm

Manish


Hi,

ip access-group in --> This defines access control on packets transmitted from the host. These packets are received into the router interface.

ip access-group out --> This defines access control on packets being sent to the host. These packets are transmitted out of the router interface. The default is out.

To configure an access list to be used for packets transmitted to and from the host, use the ip access-group interface configuration command. To disable control over packets transmitted to or from a host, use the no form of this command.

With this command in effect, various fields within the packet are compared to criteria within the access list for acceptability and dropped or passed. Some of the fields that can be compared include: source IP address, destination IP address, protocol, source port number and destination port number.

Hope the above is clear to you...

Please rate the helpful posts.
Regards,
Naidu.
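
The distinction drawn in the two answers above, as an added example that is not part of the original posts: an inbound `ip access-group` is evaluated against packets received on the interface, while routes learned on that interface are filtered with a distribute list. The interface, ACL names and numbers, addresses and EIGRP AS 100 are assumptions chosen for illustration.

```cisco
! Constructed example. Interface, ACL names/numbers, prefixes and the
! EIGRP AS number are assumptions, not values from the thread.
!
! 1) Packet filter: checked against every packet RECEIVED on Gi0/1.
!    It never looks inside a routing update to accept or reject a prefix.
ip access-list extended EDGE-IN
 ! Routing-protocol packets are packets too. Without this entry the
 ! implicit deny at the end of the ACL drops EIGRP hellos and updates,
 ! which takes down the whole adjacency instead of filtering one route.
 permit eigrp any any
 permit tcp 192.0.2.0 0.0.0.255 any eq 443
 ! Explicit final deny with logging so drops are visible in the log.
 deny ip any any log
!
interface GigabitEthernet0/1
 ip access-group EDGE-IN in
!
! 2) Route filter: checked against the prefixes carried in routing
!    updates received on Gi0/1. Data packets are not affected.
access-list 10 deny 10.10.0.0 0.0.255.255
access-list 10 permit any
!
router eigrp 100
 distribute-list 10 in GigabitEthernet0/1
!
! Verification from exec mode:
!   show ip interface GigabitEthernet0/1   (inbound access list in use)
!   show ip access-lists EDGE-IN           (per-entry match counters)
!   show ip protocols                      (incoming update filter list)
!   show ip route 10.10.0.0                (filtered prefix should be absent)
```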
