EasyManuals Logo

HP J9574A Access Security Guide

HP J9574A
732 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #444 background imageLoading...
Page #444 background image
10-64
IPv4 Access Control Lists (ACLs)
Configuring Extended ACLs
< ip | ip-protocol | ip-protocol-nbr >
Used after deny or permit to specify the packet protocol type
required for a match. An extended ACL must include one of
the following:
ip any IPv4 packet.
ip-protocol any one of the following IPv4 protocol names:
ip-in-ip ipv6-in-ip gre esp ah
ospf pim vrrp sctp tcp*
udp* icmp* igmp*
ip-protocol-nbr the protocol number of an IPv4 packet type,
such as “8” for Exterior Gateway Protocol or 121 for Simple
Message Protocol. (For a listing of IPv4 protocol numbers
and their corresponding protocol names, refer to the IANA
“Protocol Number Assignment Services” at
www.iana.com.) (Range: 0 - 255)
* For TCP, UDP, ICMP, and IGMP, additional criteria can be
specified, as described on pages 10-67 through 10-72.
< any | host < SA > | SA < mask > | SA/ mask-length
This is the first instance of IPv4 addressing in an extended
ACE. It follows the protocol specifier and defines the source
address (SA) a packet must carry for a match with the ACE.
anyAllows IPv4 packets from any SA.
host < SA > — Specifies only packets having a single address
as the SA. Use this criterion when you want to match only
the IPv4 packets from a single SA.
SA < mask > or SA/mask-length Specifies packets received
from an SA, where the SA is either a subnet or a group of
addresses. The mask can be in either dotted-decimal format
or CIDR format (number of significant bits). Refer to
“Using CIDR Notation To Enter the IPv4 ACL Mask” on page
10-49.
SA Mask Application: The mask is applied to the SA in the
ACL to define which bits in a packet’s SA must exactly
match the SA configured in the ACL and which bits need
not match.
Example: 10.10.10.1/24 and 10.10.10.1 0.0.0.255 both
define any address in the range of 10.10.10.(1 - 255).
Note: Specifying a group of contiguous addresses may
require more than one ACE. For more on how masks operate
in ACLs, refer to “How an ACE Uses a Mask To Screen
Packets for Matches” on page 10-35.

Table of Contents

Other manuals for HP J9574A

Preview: Manual
Manual36 pages
Preview: Installation And Getting Started Guide
Installation And Getting Started Guide112 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HP J9574A and is the answer not in the manual?

HP J9574A Specifications

General IconGeneral
BrandHP
ModelJ9574A
CategorySwitch
LanguageEnglish

Related product manuals