EasyManua.ls Logo

HP J8692A - Page 484

HP J8692A
778 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
10-64
IPv4 Access Control Lists (ACLs)
Configuring Extended ACLs
< ip | ip-protocol | ip-protocol-nbr >
Used after deny or permit to specify the packet protocol type
required for a match. An extended ACL must include one of
the following:
ip any IPv4 packet.
ip-protocol any one of the following IPv4 protocol names:
ip-in-ip ipv6-in-ip gre esp ah
ospf pim vrrp sctp tcp*
udp* icmp* igmp*
ip-protocol-nbr the protocol number of an IPv4 packet type,
such as “8” for Exterior Gateway Protocol or 121 for Simple
Message Protocol. (For a listing of IPv4 protocol numbers
and their corresponding protocol names, refer to the IANA
“Protocol Number Assignment Services” at
www.iana.com.) (Range: 0 - 255)
* For TCP, UDP, ICMP, and IGMP, additional criteria can be
specified, as described on pages 10-67 through 10-72.
< any | host < SA > | SA < mask > | SA/ mask-length
This is the first instance of IPv4 addressing in an extended
ACE. It follows the protocol specifier and defines the source
address (SA) a packet must carry for a match with the ACE.
anyAllows IPv4 packets from any SA.
host < SA > — Specifies only packets having a single address
as the SA. Use this criterion when you want to match only
the IPv4 packets from a single SA.
SA < mask > or SA/mask-length Specifies packets received
from an SA, where the SA is either a subnet or a group of
addresses. The mask can be in either dotted-decimal format
or CIDR format (number of significant bits). Refer to
“Using CIDR Notation To Enter the IPv4 ACL Mask” on page
10-49.
SA Mask Application: The mask is applied to the SA in the
ACL to define which bits in a packet’s SA must exactly
match the SA configured in the ACL and which bits need
not match.
Example: 10.10.10.1/24 and 10.10.10.1 0.0.0.255 both
define any address in the range of 10.10.10.(1 - 255).
Note: Specifying a group of contiguous addresses may
require more than one ACE. For more on how masks operate
in ACLs, refer to “How an ACE Uses a Mask To Screen
Packets for Matches” on page 10-35.

Table of Contents

Other manuals for HP J8692A

Preview: Advanced Traffic Management Guide
Advanced Traffic Management Guide460 pages
Preview: Specification
Specification72 pages

Related product manuals