![](http://pdfasset.owneriq.net/3/88/3884ec60-08cc-bac4-b176-2f6590d63c88/3884ec60-08cc-bac4-b176-2f6590d63c88-bg531.png)
Security Configuration Command Set
Configuring Access Lists
Matrix NSA Series Configuration Guide 14-169
14.3.12.4 ip access-group
Use this command to apply access restrictions to inbound or outbound frames on an interface when
operating in router mode.
ip access-group access-list-number {in | out}
Syntax Description
Command Syntax of the “no” Form
The “no” form of this command removes the specified access list:
no ip access-group access-list-number {in | out}
Command Type
Router command.
Command Mode
Interface configuration: Matrix>Router1(config-if(Vlan <vlan_id>))#
Command Defaults
None.
Example
This example shows how to apply access list 1 for all inbound frames on VLAN 1. Through the
definition of access list 1, only frames with destination 192.5.34.0 will be routed. All the frames
with other destination received on VLAN 1 are dropped:
NOTE: ACLs must be applied per routing interface. An entry (rule) can either be applied
to inbound or outbound frames.
access-list-number Specifies the number of the access list to be applied to the
access list. This is a decimal number from 1 to 199.
in Filters inbound frames.
out Filters outbound frames.
Matrix>Router1(config)#access-list 1 permit 192.5.34.0 0.0.0.255
Matrix>Router1(config)#interface vlan 1
Matrix>Router1(config-if(Vlan 1))#ip access-group 1 in