EasyManua.ls Logo

HP PROCURVE 2910AL - Configuring Standard ACLs; Configuring Extended ACLs

HP PROCURVE 2910AL
594 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
9-55
IPv4 Access Control Lists (ACLs)
Configuring Extended ACLs
Configuring Extended ACLs
Table 9-7. Command Summary for Extended ACLs
Action Command(s) Page
Create an Extended,
Named ACL
or
Add an ACE to the End
of an Existing,
Extended ACL
ProCurve(config)# ip access-list extended < name-str | 100-199 >
ProCurve(config-std-nacl)# < deny | permit >
< ip | ip-protocol | ip-protocol-nbr >
< any | host <SA > | SA/< mask-length > | SA < mask >>
1
< any | host < DA > | DA/< mask-length > | DA < mask >>
1
[ tcp | udp ]
< any | host <SA > | SA/< mask-length > | SA < mask >>
1
[comparison-operator < value >] ]
< any | host <DA > | DA/< mask-length > | DA < mask >>
1
[comparison-operator < value >]
[established]
< igmp >
< any | host <SA > | SA/< mask-length > | SA < mask >>
1
< any | host < DA > | DA/< mask-length > | DA < mask >>
1
[ igmp-packet-type ]
< icmp >
< any | host <SA > | SA/< mask-length > | SA < mask >>
1
< any | host < DA > | DA/< mask-length > | DA < mask >>
1
[ [< 0 - 255 > [ 0 - 255 ] ] | icmp-message ]
[precedence < priority >]
[tos < tos- setting >]
[log]
2
Create an Extended,
ProCurve(config)# access-list < 100-199 > < deny | permit >
Numbered ACL
< ip-options |tcp/udp-options |igmp-options |icmp-options >
or
[log]
2
Add an ACE to the End
[precedence < priority >]
of an Existing,
[tos < tos- setting >]
Numbered ACL
Note: Uses the same IP, TCP/UDP, IGMP, and ICMP options as shown above for
“Create an Extended, Named ACL”.
Insert an ACE by
ProCurve(config)# ip access-list extended < name-str | 100-199 >
Assigning a Sequence
ProCurve(config-ext-nacl)# 1-2147483647 < deny | permit >
Number
Uses the options shown above for “Create an Extended, Named ACL”.
Use Sequence Num- ProCurve(config)# ip access-list extended < name-str | 100-199 >
ber To Delete an ACE ProCurve(config-std-nacl)# no < 1-2147483647 >
Resequence the ACEs ProCurve(config)# ip access-list resequence < name-str | 100-199 >
in an ACL < 1-2147483647 > < 1-2147483646 >
1
The mask can be in either dotted-decimal notation (such as 0.0.15.255) or CIDR notation (such as /20).
2
The [ log ] function applies only to “deny” ACLs, and generates a message only when there is a “deny” match.
Table continues on the next page.
9-53
9-65
9-77
9-79
9-80

Table of Contents

Other manuals for HP PROCURVE 2910AL

Preview: Configuration Guide
Configuration Guide194 pages

Related product manuals