IPv4 Access Control Lists (ACLs)
Configuring and Assigning an ACL
Example of a Standard ACL. Suppose you wanted to configure a standard
ACL and assign it to filter inbound traffic on port 10 in a particular switch:
■ The ID you selected for this ACL is “50”.
■ You want the ACL to deny IP traffic from all hosts except these three:
• 10.128.100.10
• 10.128.100.27
• 10.128.100.14
ProCurve(config)# access-list 50 permit host 10.128.100.10
ProCurve(config)# access-list 50 permit host 10.128.100.27
ProCurve(config)# access-list 50 permit host 10.128.80.14
ProCurve(config)# interface 10 ip access-group 50 in
ProCurve(config)# write mem

• Permits IP traffic from the indicated IP address. Since, for this example, ACL 50 is a new list, this command also creates the ACL.
• Permits IP traffic from the indicated IP address.
• The deny any that the switch implicitly includes in all standard ACLs denies IP packets from IP sources not included in the above three commands.

Show config lists any ACLs and ACL assignments configured in the startup-config.

ProCurve(config)# show config
Startup configuration:
; J9085A Configuration Editor; Created on release #A.14.03
hostname "ProCurve Switch"
snmp-server contact "Allen Smith"
snmp-server location "Building P"
ip access-list standard "50"
   permit 10.128.100.10 0.0.0.0
   permit 10.128.100.27 0.0.0.0
   permit 10.128.80.14 0.0.0.0
   exit
interface 10
   access-group "50" in
   exit
ip default-gateway 15.255.152.1
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-28
   ip address dhcp-bootp
   exit

ACL “50” is listed as assigned to filter inbound traffic on port 10.

show access-list resources shows the rule and resource usage.

ProCurve(config)# show access-list resources

 Policy Engine Resource Usage

                            Rules        Rules        Group
 Group                    Allocated      Used         Number
 ------------------------+------------+------------+------------+
 QoS                     |          0 |          0 |          1 |
 CLI-ACL                 |          4 |          4 |          2 |
 IDM-ACL                 |        128 |        128 |          3 |
 Free                    |        124 |
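
The following is an added example, not part of the ProCurve documentation. It parses the ACL 50 entries from the show config output above, evaluates source addresses with first-match logic and the implicit deny any, and compares the result with the three hosts listed at the start of this example. The function names are illustrative, and first-match ordering and the handling of a missing mask are assumptions of the sketch.

```python
import ipaddress

# Constructed from this page: the hosts the example says to admit, and the
# ACL 50 entries exactly as they appear in its "show config" output.
INTENDED_HOSTS = ["10.128.100.10", "10.128.100.27", "10.128.100.14"]
STARTUP_CONFIG = """\
ip access-list standard "50"
   permit 10.128.100.10 0.0.0.0
   permit 10.128.100.27 0.0.0.0
   permit 10.128.80.14 0.0.0.0
   exit
"""

def parse_standard_acl(config, acl_id):
    """Return [(action, address, wildcard), ...] as integers for one ACL."""
    entries, inside = [], False
    for line in config.splitlines():
        words = line.split()
        if words[:3] == ["ip", "access-list", "standard"] and len(words) > 3:
            inside = words[3].strip('"') == acl_id
        elif inside and words and words[0] == "exit":
            inside = False
        elif inside and len(words) > 1 and words[0] in ("permit", "deny"):
            if words[1] == "any":
                addr, wild = 0, 0xFFFFFFFF
            else:
                addr = int(ipaddress.IPv4Address(words[1]))
                # Assumption: a missing mask means a single host (0.0.0.0).
                wild = int(ipaddress.IPv4Address(words[2])) if len(words) > 2 else 0
            entries.append((words[0], addr, wild))
    return entries

def evaluate(entries, source):
    """First matching entry wins; no match falls to the implicit deny any."""
    src = int(ipaddress.IPv4Address(source))
    for action, addr, wild in entries:
        # Wildcard bits set to 1 are ignored; bits set to 0 must match.
        if ((src ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action
    return "deny"

def audit(entries, intended_hosts):
    """Return (intended hosts that are denied, host permits nobody asked for)."""
    blocked = [h for h in intended_hosts if evaluate(entries, h) != "permit"]
    permitted = [str(ipaddress.IPv4Address(a)) for act, a, w in entries
                 if act == "permit" and w == 0]
    return blocked, [h for h in permitted if h not in intended_hosts]

if __name__ == "__main__":
    print(audit(parse_standard_acl(STARTUP_CONFIG, "50"), INTENDED_HOSTS))
```

Run against the values on this page, the audit reports 10.128.100.14 as blocked and 10.128.80.14 as an unlisted permit, because the third octet differs between the host list and the configured entries.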