HP ProCurve Series 6120 Blade Switches Access Security Guide

IPv4 Access Control Lists (ACLs)
Introduction
For ACL filtering to take effect, configure an ACL and then assign it to the
inbound traffic on a statically configured port or trunk.
Table 9-1. Comprehensive Command Summary

Action:  Configuring Standard (Numbered) ACLs
Command: ProCurve(config)# [no] access-list < 1-99 > < deny | permit >
             < any | host <src-ip-addr > | src-ip-address/mask >¹
             [log]²
Page:    9-40

Action:  Configuring Extended (Numbered) ACLs
Command: ProCurve(config)# [no] access-list <100-199> < deny | permit >
             ip < any | host <src-ip-addr > | src-ip-address/mask >¹
             [log]²
Page:    9-45
Command: ProCurve(config)# [no] access-list < 100-199 > < deny | permit >
             < tcp | udp >
             < any | host <src-ip-addr > | src-ip-address/mask >¹
             [eq < src-port tcp/udp-id >]
             < any | host <dest-ip-addr > | dest-ip-address/mask >¹
             [eq < dest-port tcp/udp-id >]
             [log]²
Page:    9-45

Action:  Configuring Standard (Named) ACLs
Command: ProCurve(config)# [no] ip access-list standard < name-str | 1-99 >
Page:    9-51
Command: ProCurve(config-std-nacl)# < deny | permit >
             < any | host <src-ip-addr > | src-ip-address/mask >¹
             [log]²
Page:    9-51

Action:  ReSequence the ACEs in a Standard ACL
Command: ProCurve(config)# ip access-list resequence <name-str | 1-99> <1-2147483647>

Action:  Configuring Extended (Named) ACLs
Command: ProCurve(config)# [no] ip access-list extended < name-str | 100-199 >
Page:    9-51
Command: ProCurve(config-std-nacl)# < deny | permit > ip
             < any | host <src-ip-addr > | src-ip-address/mask >¹
             < any | host <dest-ip-addr > | dest-ip-address/mask >¹
             [log]²
Page:    9-51
Command: ProCurve(config-std-nacl)# < deny | permit > < tcp | udp >
             < any | host <src-ip-addr > | src-ip-address/mask >¹
             [ eq < tcp/udp-port-# | well-known-port-name >]
             < any | host <dest-ip-addr > | dest-ip-address/mask >¹
             [ eq < tcp/udp-port-# | well-known-port-name >]
             [log]²
Page:    9-51

Action:  Enabling or Disabling an ACL
Command: ProCurve(config)# [no] interface < port-list > ip access-group
             < name-str | 1-99 | 100-199 > in
Page:    9-53