HP (Hewlett-Packard) W.14.03 Switch User Manual


 
IPv4 Access Control Lists (ACLs)
Configuring Extended ACLs
Table 9-7. Command Summary for Extended ACLs

Action: Create an Extended, Named ACL, or Add an ACE to the End of an Existing, Extended ACL (page 9-53)
Command(s):
    ProCurve(config)# ip access-list extended < name-str | 100-199 >
    ProCurve(config-ext-nacl)# < deny | permit >
        < ip | ip-protocol | ip-protocol-nbr >
            < any | host < SA > | SA/< mask-length > | SA < mask > > (1)
            < any | host < DA > | DA/< mask-length > | DA < mask > > (1)
        < tcp | udp >
            < any | host < SA > | SA/< mask-length > | SA < mask > > (1)
            [comparison-operator < value >]
            < any | host < DA > | DA/< mask-length > | DA < mask > > (1)
            [comparison-operator < value >]
            [established] (tcp only)
        < igmp >
            < any | host < SA > | SA/< mask-length > | SA < mask > > (1)
            < any | host < DA > | DA/< mask-length > | DA < mask > > (1)
            [igmp-packet-type]
        < icmp >
            < any | host < SA > | SA/< mask-length > | SA < mask > > (1)
            < any | host < DA > | DA/< mask-length > | DA < mask > > (1)
            [ [< 0-255 > [< 0-255 >]] | icmp-message ]
        [precedence < priority >]
        [tos < tos-setting >]
        [log] (2)

Action: Create an Extended, Numbered ACL, or Add an ACE to the End of an Existing, Numbered ACL (page 9-65)
Command(s):
    ProCurve(config)# access-list < 100-199 > < deny | permit >
        < ip-options | tcp/udp-options | igmp-options | icmp-options >
        [precedence < priority >]
        [tos < tos-setting >]
        [log] (2)
    Note: Uses the same IP, TCP/UDP, IGMP, and ICMP options as shown above for "Create an Extended, Named ACL".

Action: Insert an ACE by Assigning a Sequence Number (page 9-77)
Command(s):
    ProCurve(config)# ip access-list extended < name-str | 100-199 >
    ProCurve(config-ext-nacl)# < 1-2147483647 > < deny | permit > ...
    Uses the options shown above for "Create an Extended, Named ACL". The ACE is placed in the list according to its sequence number, not appended at the end.

Action: Use Sequence Number To Delete an ACE (page 9-79)
Command(s):
    ProCurve(config)# ip access-list extended < name-str | 100-199 >
    ProCurve(config-ext-nacl)# no < 1-2147483647 >

Action: Resequence the ACEs in an ACL (page 9-80)
Command(s):
    ProCurve(config)# ip access-list resequence < name-str | 100-199 > < 1-2147483647 > < 1-2147483646 >
    (first value: sequence number assigned to the first ACE; second value: increment between consecutive ACEs)

(1) The mask can be in either dotted-decimal notation (such as 0.0.15.255) or CIDR notation (such as /20). The dotted-decimal form is an inverse (wildcard) mask: a 1 bit means "ignore this bit of the address", so 0.0.15.255 and /20 select the same block of 4096 addresses.
(2) The [ log ] option applies only to "deny" ACEs, and generates a log message only when a packet matches a deny ACE.

Table continues on the next page.
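The following session is an added worked example, not text from the HP manual; the ACL name, addresses and ports are assumed, and lines beginning with ";" are annotations rather than switch commands. It exercises every row of Table 9-7 on one named extended ACL: appending ACEs in both mask notations, using "established", logging drops with an explicit deny, inserting an ACE by sequence number so that it is evaluated before an existing permit, deleting an ACE by sequence number, and resequencing the list.

```text
; Added example (not from the HP manual). ACL name, addresses and ports are assumed.
; Lines starting with ";" are annotations, not switch commands.
; Goal: let a management subnet (10.10.20.0/24) reach server 10.10.50.10 on HTTPS
; and SSH, let the server VLAN (10.10.50.0/24) answer TCP sessions it did not open,
; allow pings from management, and log everything else that is dropped.

ProCurve(config)# ip access-list extended mgmt-to-servers
; ACEs entered without a sequence number are appended and numbered 10, 20, 30, ...
; The comparison operator after the destination address constrains the destination port.
ProCurve(config-ext-nacl)# permit tcp 10.10.20.0/24 host 10.10.50.10 eq 443
; Same source subnet in wildcard-mask form (0.0.0.255 is the inverse mask of /24).
ProCurve(config-ext-nacl)# permit tcp 10.10.20.0 0.0.0.255 host 10.10.50.10 eq 22
; "established" matches TCP segments with ACK or RST set, i.e. replies to sessions
; opened from the 10.10.50.0/24 side; it does not admit new connections.
ProCurve(config-ext-nacl)# permit tcp any 10.10.50.0/24 established
; ICMP type 8 (echo request) from management to the server VLAN.
ProCurve(config-ext-nacl)# permit icmp 10.10.20.0/24 10.10.50.0/24 8
; Every ACL ends in an implicit deny that carries no log option. An explicit deny
; with [log] (footnote 2: log works only on deny ACEs) makes the drops visible.
ProCurve(config-ext-nacl)# deny ip any any log
ProCurve(config-ext-nacl)# exit

; The list is now 10, 20, 30, 40, 50. ACEs are evaluated top-down and the first
; match wins, so a rule that must override ACE 20 has to sit BEFORE it: give it 15.
ProCurve(config)# ip access-list extended mgmt-to-servers
ProCurve(config-ext-nacl)# 15 deny tcp host 10.10.20.99 host 10.10.50.10 eq 22 log

; Remove the ping rule by its sequence number (no need to retype the ACE).
ProCurve(config-ext-nacl)# no 40
ProCurve(config-ext-nacl)# exit

; Remaining ACEs are 10, 15, 20, 30, 50. Renumber starting at 100 in steps of 10
; (100, 110, 120, 130, 140) to regain room for future insertions.
ProCurve(config)# ip access-list resequence mgmt-to-servers 100 10
```

Nothing in this list filters traffic until the ACL is assigned to a VLAN or port, which Table 9-7 does not cover; check the resulting order with the chapter's show access-list command before assigning it. The point of the sequence-number insert is ordering: had the host-specific deny been appended instead, ACE 20 would have permitted that host's SSH first and the deny would never be reached.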