Foundry NetIron M2404C and M2404F Metro Access Switches
Configuring ACLs (Rev. 03)
Overview
© 2008 Foundry Networks, Inc
Figure 8: Extended ACL Configuration Example 2
device-name(config)#access-list 102 deny tcp host 192.98.1.2 any tos 5 precedence 3
device-name(config)#access-list 102 deny udp host 192.98.1.2 any tos 5 precedence 3
device-name(config)#access-list 102 deny igmp host 192.98.1.2 any tos 5 precedence 3
device-name(config)#access-list 102 permit tcp 192.98.0.0/16 any
device-name(config)#access-list 102 permit udp 192.98.0.0/16 any
device-name(config)#access-list 102 permit igmp 192.98.0.0/16 any
To apply this ACG to interface 1/1/1, use the ip access-group command:
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#ip access-group 102
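The following Python model is an added example, not part of the Foundry guide: it parses the six ACL 102 entries from Figure 8 and evaluates sample packets against them, showing that only traffic from host 192.98.1.2 marked with tos 5 and precedence 3 is denied. It assumes entries are checked top-down with the first match deciding, that tos and precedence must both match when both are given, and that traffic matching no entry is denied; the function names and the sample packet addresses are constructed for illustration.

```python
import ipaddress

# ACL 102 as entered in Figure 8 (CLI prompt removed).
ACL_102 = """\
access-list 102 deny tcp host 192.98.1.2 any tos 5 precedence 3
access-list 102 deny udp host 192.98.1.2 any tos 5 precedence 3
access-list 102 deny igmp host 192.98.1.2 any tos 5 precedence 3
access-list 102 permit tcp 192.98.0.0/16 any
access-list 102 permit udp 192.98.0.0/16 any
access-list 102 permit igmp 192.98.0.0/16 any
"""

def parse_addr(tok):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D/len'."""
    word = tok.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(word)

def parse_acl(text):
    """Turn the access-list lines into an ordered list of rule dicts."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()[2:]            # drop 'access-list 102'
        rule = {"action": tok.pop(0), "proto": tok.pop(0)}
        rule["src"] = parse_addr(tok)
        rule["dst"] = parse_addr(tok)
        while tok:                        # optional 'tos N' / 'precedence N'
            key = tok.pop(0)
            rule[key] = int(tok.pop(0))
        rules.append(rule)
    return rules

def evaluate(rules, proto, src, dst, tos=0, precedence=0):
    """Return the action of the first matching entry (assumed first-match)."""
    for r in rules:
        if (r["proto"] == proto
                and ipaddress.ip_address(src) in r["src"]
                and ipaddress.ip_address(dst) in r["dst"]
                and r.get("tos", tos) == tos
                and r.get("precedence", precedence) == precedence):
            return r["action"]
    return "deny"                         # assumed implicit deny at end of list

RULES = parse_acl(ACL_102)
```

Under these assumptions, unmarked traffic from 192.98.1.2 falls through the three deny entries and is permitted by the 192.98.0.0/16 entries, so the deny lines filter on the marking and not on the host alone.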
Creating an Extended IP ACL for a Multicast Group
The Multicast Group extended access-list command, in Global Configuration mode, creates an extended IP ACL for a Multicast Group Address. The no form of this command removes the specified ACL.
NOTE
The ACL cannot be applied to an interface or VLAN with the ACG options since the IGMP traffic is forwarded only to the CPU.
The Multicast Group extended ACL should be used only when IGMP Snooping is enabled. If IGMP Snooping is disabled, use ACL numbers in the range <100-199>.
For more information regarding IGMP Snooping, see “Configuring Multicast Layer 2”.