HP ProCurve 5300xl Series User Manual

664 pages
Access Control Lists (ACLs) for the Series 5300xl Switches
Introduction
For ACL filtering to take effect, configure an ACL and then assign it to either
the inbound or outbound traffic on a statically configured VLAN on the switch.
(Except for ACEs that screen traffic to an IP address on the switch itself, ACLs
assigned to VLANs can operate only while IP routing is enabled. Refer to
“Notes on IP Routing” on page 9-11.)
Table 9-1. Comprehensive Command Summary

Action                  Command                                                                 Page
----------------------  ----------------------------------------------------------------------  ----
Configuring Standard    HPswitch(config)# [no] access-list < 1-99 > < deny | permit >           9-33
(Numbered) ACLs             < any | host <src-ip-addr > | src-ip-address/mask >¹
                            [log]²

Configuring Extended    HPswitch(config)# [no] access-list < 100-199 > < deny | permit >        9-38
(Numbered) ACLs             ip < any | host <src-ip-addr > | src-ip-address/mask >¹
                            [log]²

                        HPswitch(config)# [no] access-list < 100-199 > < deny | permit >
                            < tcp | udp >
                            < any | host <src-ip-addr > | src-ip-address/mask >¹
                            [operator < src-port tcp/udp-id >]
                            < any | host <dest-ip-addr > | dest-ip-address/mask >¹
                            [operator < dest-port tcp/udp-id >]
                            [log]²

Configuring Standard    HPswitch(config)# [no] ip access-list standard < name-str | 1-99 >      9-44
(Named) ACLs            HPswitch(config-std-nacl)# < deny | permit >
                            < any | host <src-ip-addr > | src-ip-address/mask >¹
                            [log]²

Configuring Extended    HPswitch(config)# [no] ip access-list extended < name-str | 100-199 >
(Named) ACLs            HPswitch(config-std-nacl)# < deny | permit > ip
                            < any | host <src-ip-addr > | src-ip-address/mask >¹
                            < any | host <dest-ip-addr > | dest-ip-address/mask >¹
                            [log]²

                        HPswitch(config-std-nacl)# < deny | permit > < tcp | udp >
                            < any | host <src-ip-addr > | src-ip-address/mask >¹
                            [operator < src-port tcp/udp-id >]
                            < any | host <dest-ip-addr > | dest-ip-address/mask >¹
                            [operator < dest-port tcp/udp-id >]
                            [log]²

Enabling or Disabling   HPswitch(config)# [no] vlan < vid > ip access-group                     9-46
an ACL                      < name-str | 1-99 | 100-199 > < in | out >

¹ The mask can be in either dotted-decimal notation (such as 0.0.15.255) or CIDR notation (such as /20).
² The [log] function applies only to “deny” ACLs, and generates a message only when there is a “deny” match.
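
Added example (not from the HP manual): the mask note above pairs 0.0.15.255 with /20, which means a 1 bit in the dotted-decimal mask marks an address bit that is ignored when an ACE is compared with a packet address. The Python sketch below converts between the two notations and tests whether an address falls inside an ACE's range. The function names and the 10.10.x.x addresses are constructed for illustration.

```python
import ipaddress

def prefix_to_acl_mask(prefix_len: int) -> str:
    """CIDR prefix length -> dotted-decimal ACL mask (/20 -> 0.0.15.255)."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0-32")
    return str(ipaddress.IPv4Address((1 << (32 - prefix_len)) - 1))

def acl_mask_to_prefix(mask: str):
    """Dotted-decimal ACL mask -> prefix length, or None when the ignored
    bits are not one contiguous low-order run (no CIDR equivalent)."""
    m = int(ipaddress.IPv4Address(mask))
    if m & (m + 1):                      # not of the form 0..01..1
        return None
    return 32 - m.bit_length()

def parse_source(spec: str):
    """Normalise 'any', 'host A' or 'A/mask' to (address, dotted ACL mask)."""
    if spec == "any":
        return "0.0.0.0", "255.255.255.255"   # every bit ignored
    if spec.startswith("host "):
        return spec.split()[1], "0.0.0.0"     # every bit compared
    addr, mask = spec.split("/")
    if mask.isdigit():                        # CIDR form such as /20
        mask = prefix_to_acl_mask(int(mask))
    return addr, mask

def ace_matches(addr: str, ace_addr: str, ace_mask: str) -> bool:
    """True when addr equals ace_addr in every bit the mask does not ignore."""
    care = ~int(ipaddress.IPv4Address(ace_mask)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == \
           (int(ipaddress.IPv4Address(ace_addr)) & care)

if __name__ == "__main__":
    # Constructed sample: both notations describe 10.10.16.0 - 10.10.31.255.
    for spec in ("10.10.16.0/20", "10.10.16.0/0.0.15.255"):
        ace = parse_source(spec)
        for pkt in ("10.10.31.7", "10.10.32.1"):
            print(spec, pkt, "match" if ace_matches(pkt, *ace) else "no match")
```

A mask such as 0.0.255.0 is valid dotted-decimal input but has no CIDR form, which is why acl_mask_to_prefix returns None for it.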
