IPv4 Access Control Lists (ACLs)
Terminology

Action                            Command                                                                  Page
Deleting an ACL from the Switch   ProCurve(config)# no ip access-list < standard < name-str | 1-99 >>      9-54
                                  ProCurve(config)# no ip access-list < extended < name-str | 100-199 >>
Displaying ACL Data               ProCurve(config)# show access-list                                       9-55
                                  ProCurve(config)# show access-list [ acl-name-string ]
                                  ProCurve(config)# show access-list config
                                  ProCurve(config)# show access-list ports < port-list >
                                  ProCurve(config)# show access-list radius
                                  ProCurve(config)# show access-list resources
                                  ProCurve(config)# show access-list vlan
                                  ProCurve(config)# show config
                                  ProCurve(config)# show running
1 The mask can be in either dotted-decimal notation (such as 0.0.15.255) or CIDR notation (such as /20).
2 The [log] function applies only to “deny” ACLs, and generates a message only when there is a “deny” match.
Terminology
Access Control Entry (ACE): An ACE is a policy consisting of criteria and an action to take (permit or deny) on a packet if it meets the criteria. The elements composing the criteria include:
• Source IP address and mask (standard and extended ACLs)
• Destination IP address and mask (extended ACLs only)
• TCP or UDP application port numbers (optional, extended ACLs only)

Access Control List (ACL): A list (or set) consisting of one or more explicitly configured Access Control Entries (ACEs) and terminating with an implicit “deny” default which drops any packets that do not have a match with any explicit ACE in the named ACL. The two classes of ACLs are “standard” and “extended”. See “Standard ACL” and “Extended ACL”.

ACE: See “Access Control Entry”.

ACL: See “Access Control List”.
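The ACE and ACL definitions above, together with footnotes 1 and 2 (mask in dotted-decimal or CIDR form, logging only on a “deny” match), can be made concrete with a small model of how an ordered list of entries is evaluated against a packet: first match wins, a standard ACL compares only the source address, an extended ACL also compares destination, protocol and port, and an unmatched packet falls through to the implicit deny. This is an added example written for this page, not ProCurve code and not the switch's actual matching logic; the `Packet`, `ACE` and `ACL` classes, the `block-telnet` ACL, the addresses and the assumption that the implicit deny produces no log message are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


def parse_mask(mask: str) -> int:
    """Return an ACL mask as a 32-bit wildcard where a 1 bit means 'ignore this bit'.

    Accepts the dotted-decimal wildcard form (0.0.15.255) or the CIDR form (/20);
    both describe the same set of compared bits (footnote 1 above).
    """
    if mask.startswith("/"):
        prefix = int(mask[1:])
        if not 0 <= prefix <= 32:
            raise ValueError(f"bad prefix length: {mask}")
        return (1 << (32 - prefix)) - 1          # /20 -> 0.0.15.255
    return int(ipaddress.IPv4Address(mask))


def addr_matches(addr: str, base: str, mask: str) -> bool:
    """True if addr equals base on every bit the wildcard mask does not ignore."""
    care = ~parse_mask(mask) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)


@dataclass
class Packet:                    # constructed model of the fields an ACE looks at
    src: str
    dst: str
    protocol: str = "ip"         # "ip", "tcp" or "udp" in this model
    dst_port: Optional[int] = None


@dataclass
class ACE:
    action: str                  # "permit" or "deny"
    src: str
    src_mask: str
    dst: Optional[str] = None    # extended ACLs only
    dst_mask: Optional[str] = None
    protocol: str = "ip"         # "ip" matches any protocol
    dst_port: Optional[int] = None   # optional, extended ACLs only
    log: bool = False            # meaningful only on deny entries (footnote 2)

    def matches(self, pkt: Packet, extended: bool) -> bool:
        if not addr_matches(pkt.src, self.src, self.src_mask):
            return False
        if not extended:
            return True          # standard ACL: the source address is the only criterion
        if not addr_matches(pkt.dst, self.dst, self.dst_mask):
            return False
        if self.protocol != "ip" and self.protocol != pkt.protocol:
            return False
        if self.dst_port is not None and self.dst_port != pkt.dst_port:
            return False
        return True


@dataclass
class ACL:
    name: str
    kind: str                    # "standard" or "extended"
    entries: List[ACE] = field(default_factory=list)

    def evaluate(self, pkt: Packet) -> Tuple[str, Optional[str]]:
        """Walk the ACEs in order; the first match decides. Returns (action, log line or None)."""
        extended = self.kind == "extended"
        for idx, ace in enumerate(self.entries, start=1):
            if ace.matches(pkt, extended):
                msg = None
                if ace.action == "deny" and ace.log:
                    msg = f"ACL {self.name} entry {idx} denied {pkt.protocol} {pkt.src} -> {pkt.dst}"
                return ace.action, msg
        # Implicit deny: no explicit ACE matched. Assumed unlogged in this model.
        return "deny", None


# Constructed sample: drop (and log) telnet from 10.10.0.0/16, permit the rest of
# that range to anywhere; every other source falls through to the implicit deny.
ANY_DST = ("0.0.0.0", "255.255.255.255")      # "any": no destination bits compared
BLOCK_TELNET = ACL("block-telnet", "extended", [
    ACE("deny", "10.10.0.0", "0.0.255.255", *ANY_DST, protocol="tcp", dst_port=23, log=True),
    ACE("permit", "10.10.0.0", "/16", *ANY_DST),
])

if __name__ == "__main__":
    for pkt in (Packet("10.10.5.3", "192.0.2.1", "tcp", 23),
                Packet("10.10.5.3", "192.0.2.1", "tcp", 80),
                Packet("172.16.0.1", "192.0.2.1", "udp", 53)):
        print(pkt, BLOCK_TELNET.evaluate(pkt))
```

The two mask forms in the first entry (`0.0.255.255` and `/16`) are deliberately mixed to show that `parse_mask` treats them identically; the third sample packet shows the implicit deny at the end of the list, which drops traffic without any explicit entry having matched.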
9-7