HP (Hewlett-Packard) 6308M-SX Switch User Manual


 
Installation and Getting Started Guide
NOTE: You also can access the dialog for saving configuration changes by clicking on Command in the tree view, then clicking on Save to Flash.
Configuring Named ACLs
When you configure an IP ACL, you can refer to the ACL by a numeric ID or by a name.
If you refer to the ACL by a numeric ID, you can use 1 - 99 for a standard ACL or 100 - 199 for an extended
ACL.
If you refer to the ACL by a name, you specify whether the ACL is a standard ACL or an extended ACL, then
specify the name.
You can configure up to 100 named standard IP ACLs and 100 named extended IP ACLs. You also can configure
up to 100 standard ACLs and 100 extended ACLs by number. Regardless of how many ACLs you have, the
device can have a maximum of 1024 ACL entries, associated with the ACLs in any combination. (On HP 9304M
or HP 9308M Chassis devices with Management II modules, the maximum is 2048.)
To configure a named IP ACL, use the following CLI method.
USING THE CLI
The commands for configuring named ACL entries are different from the commands for configuring numbered
ACL entries. The command to configure a numbered ACL is access-list. The command for configuring a named
ACL is ip access-list. In addition, when you configure a numbered ACL entry, you specify all the command
parameters on the same command. When you configure a named ACL, you specify the ACL type (standard or
extended) and the ACL number with one command, which places you in the configuration level for that ACL. Once
you enter the configuration level for the ACL, the command syntax is the same as the syntax for numbered ACLs.
The following examples show how to configure a named standard ACL entry and a named extended ACL entry.
Configuration Example for Standard ACL
To configure a named standard ACL entry, enter commands such as the following.
HP9300(config)# ip access-list standard Net1
HP9300(config-std-nacl)# deny host 209.157.22.26 log
HP9300(config-std-nacl)# deny 209.157.29.12 log
HP9300(config-std-nacl)# deny host IPHost1 log
HP9300(config-std-nacl)# permit any
HP9300(config-std-nacl)# exit
HP9300(config)# int eth 1/1
HP9300(config-if-1/1)# ip access-group Net1 out
The commands in this example configure a standard ACL named Net1. The entries in this ACL deny packets
from three source IP addresses from being forwarded on port 1/1. Since the implicit action for an ACL is deny,
the last ACL entry in this ACL permits all packets that are not explicitly denied by the first three ACL entries. For
an example of how to configure the same entries in a numbered ACL, see "Configuring Standard ACLs" on page 3-5.
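The evaluation order that the paragraph above relies on, as an added Python example (not from the HP manual): entries are checked top to bottom, the first match decides, and a packet that matches no entry falls to the implicit deny. The address for IPHost1, the treatment of a bare address as a single host, and all function names are assumptions made for this example.

```python
import ipaddress

# Constructed input: the Net1 entries from the example above, prompts removed.
NET1 = """\
deny host 209.157.22.26 log
deny 209.157.29.12 log
deny host IPHost1 log
permit any
"""
# Assumption: IPHost1 resolves to this constructed documentation address.
HOSTS = {"IPHost1": "192.0.2.10"}

def check_acl_ref(acl_type, ref):
    """Apply the manual's rules for referring to an ACL by number or by name."""
    if ref.isdigit():
        lo, hi = (1, 99) if acl_type == "standard" else (100, 199)
        return lo <= int(ref) <= hi
    return 0 < len(ref) <= 256  # names: up to 256 characters

def parse_entries(text):
    """Return (action, network or None for 'any', log flag) per entry line."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        log = tok[-1] == "log"
        if log:
            tok = tok[:-1]
        action, src = tok[0], tok[-1]
        # Assumption: a bare address (no 'host', no wildcard) means one host.
        net = None if src == "any" else ipaddress.ip_network(HOSTS.get(src, src))
        entries.append((action, net, log))
    return entries

def evaluate(entries, src_ip):
    """First matching entry decides; no match means the implicit deny applies."""
    addr = ipaddress.ip_address(src_ip)
    for action, net, _log in entries:
        if net is None or addr in net:
            return action
    return "implicit deny"

if __name__ == "__main__":
    acl = parse_entries(NET1)
    for ip in ("209.157.22.26", "192.0.2.10", "10.1.1.1"):
        print(ip, "->", evaluate(acl, ip))
```

Removing the final permit any line from NET1 makes every source that is not listed fall through to "implicit deny", which is the outage this ACL's last entry prevents.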
Notice that the command prompt changes after you enter the ACL type and name. The std in the command
prompt indicates that you are configuring entries for a standard ACL. For an extended ACL, this part of the
command prompt is ext. The nacl indicates that you are configuring a named ACL.
Syntax: ip access-list extended | standard <string> | <num>
The extended | standard parameter indicates the ACL type.
The <string> parameter is the ACL name. You can specify a string of up to 256 alphanumeric characters. You can
use blanks in the ACL name if you enclose the name in quotation marks (for example, "ACL for Net1"). The
<num> parameter allows you to specify an ACL number if you prefer. If you specify a number, you can specify
from 1 - 99 for standard ACLs or 100 - 199 for extended ACLs.