To Next Page

To Previous Page

10-64

IPv4 Access Control Lists (ACLs)

Configuring Extended ACLs

< ip | ip-protocol | ip-protocol-nbr >

Used after deny or permit to specify the packet protocol type

required for a match. An extended ACL must include one of

the following:

• ip — any IPv4 packet.

• ip-protocol — any one of the following IPv4 protocol names:

ip-in-ip ipv6-in-ip gre esp ah

ospf pim vrrp sctp tcp*

udp* icmp* igmp*

• ip-protocol-nbr — the protocol number of an IPv4 packet type,

such as “8” for Exterior Gateway Protocol or 121 for Simple

Message Protocol. (For a listing of IPv4 protocol numbers

and their corresponding protocol names, refer to the IANA

“Protocol Number Assignment Services” at

www.iana.com.) (Range: 0 - 255)

* For TCP, UDP, ICMP, and IGMP, additional criteria can be

specified, as described on pages 10-67 through 10-72.

< any | host < SA > | SA < mask > | SA/ mask-length

This is the first instance of IPv4 addressing in an extended

ACE. It follows the protocol specifier and defines the source

address (SA) a packet must carry for a match with the ACE.

• any — Allows IPv4 packets from any SA.

• host < SA > — Specifies only packets having a single address

as the SA. Use this criterion when you want to match only

the IPv4 packets from a single SA.

• SA < mask > or SA/mask-length — Specifies packets received

from an SA, where the SA is either a subnet or a group of

addresses. The mask can be in either dotted-decimal format

or CIDR format (number of significant bits). Refer to

“Using CIDR Notation To Enter the IPv4 ACL Mask” on page

10-49.

SA Mask Application: The mask is applied to the SA in the

ACL to define which bits in a packet’s SA must exactly

match the SA configured in the ACL and which bits need

not match.

Example: 10.10.10.1/24 and 10.10.10.1 0.0.0.255 both

define any address in the range of 10.10.10.(1 - 255).

Note: Specifying a group of contiguous addresses may

require more than one ACE. For more on how masks operate

in ACLs, refer to “How an ACE Uses a Mask To Screen

Packets for Matches” on page 10-35.

Questions and Answers:

Need help?

Do you have a question about the HP E3800 Series and is the answer not in the manual?

HP E3800 Series Specifications

General

Model	HP E3800 Series
Layer	Layer 3
Uplink Ports	4 x SFP+ ports
Stacking	Yes
Power over Ethernet (PoE)	Available on some models
Management	Web, CLI, SNMP
Power Supply	Redundant (optional)
Operating Temperature	0°C to 45°C
Dimensions (W x D x H)	440 x 424 x 44 mm
Operating Humidity	10% to 90% non-condensing