General Security Commands
16-90 Configuring Security
Example
TheexamplebelowenablesprotectionfromlandattackandlargeICMPpackets.Synflood
protectionwilltriggerformorethan7sessions.ProtectionagainstlargeICMPpacketswilltrigger
forpacketslargerthan2,000bytes.
XSR(config)#hostdos land
XSR(config)#hostdos largeicmp 2000

ip access-group

Thiscommandappliesaccesslistrestrictionstoaninterface.
Syntax
ip access-group access list-number {in | out}
Syntax of the “no” Form
Thenoformofthiscommandremovesthespecifiedaccessgroup:
no ip access-group access list-number {in | out}
Mode
Interfaceconfiguration:XSR(config-if<xx>)#
Example
Thefollowingexample,asillustratedinFigure 161,appliesACL101toallinboundpacketson
interfaceFastEthernet1.ACL101willrouteonlypacketswithadestinationofnetwork192.5.34.0.
AllpacketswithotherdestinationsreceivedonFastEthernet1willbedropped.
XSR(config)#access-list 101 permit any 192.5.34.0 0.0.0.255
XSR(config)#interface FastEthernet 1
XSR(config-if<F1>)#ip access-group 1
Figure 16-1 IP Access-Group Example
list-number Numberofanaccesslist,rangingfrom1to199.
in Filtersoninboundpackets
out Filtersonoutboundpackets
Eth1 192.5.34.0
192.6.34.0
192.7.34.0
Router 1