Product guide
10-52
Access Control Lists (ACLs)
Configuring Standard ACLs
A standard ACL uses only source IP addresses in its ACEs. This type of ACE
is useful when you need to:
■ Permit or deny any IP traffic based on source IP address only.
■ Quickly control the IP traffic from a specific address. This allows you
to isolate IP traffic problems generated by a specific device, group of
devices, or a subnet threatening to degrade network performance.
This gives you an opportunity to troubleshoot without sacrificing
performance for users outside of the problem area.
A named, standard ACL is identified by an alphanumeric string of up to 64
characters and is created by entering the Named ACL (nacl) context. A
numbered, standard ACL is identified by a number in the range of 1 - 99 and
is created without having to leave the global config context. Note that the CLI
command syntax for creating a named ACL differs from the command syntax
for creating a numbered ACL. For example, the first pair of entries below
illustrates how to create (or enter) a named, standard ACL and enter an ACE.
The next entry illustrates creating a numbered, standard ACL with the same
ACE.
ProCurve(config)# ip access-list standard Test-List
ProCurve(config-std-nacl)# permit host 10.10.10.147
ProCurve(config)# access-list 1 permit host 10.10.10.147
Note that once a numbered ACL has been created, it can be accessed using
the named ACL method. This is useful if it becomes necessary to edit a
numbered ACL by inserting or removing individual ACEs. (Inserting or deleting
an ACE is done by sequence number, and requires the Named ACL (nacl)
context.) The switch allows a maximum of 2048 unique ACL identities, standard
and extended combined.
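The following is an added example, not part of the original guide or of any ProCurve tooling: a small Python audit parser that reads both command forms shown above into one structure, so a named and a numbered entry with the same ACE can be compared, and checks the identifier limits stated above. It handles only the "host" source form shown on this page; the function name, the 10.10.10.148 address and the treatment of a numbered entry as ending the named context are assumptions.

```python
import ipaddress
import re

MAX_NAME_LEN = 64            # named ACL identifier limit (from the page)
STD_NUMBERS = range(1, 100)  # numbered standard ACLs: 1 - 99 (from the page)
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")
NAMED = re.compile(r"^ip access-list standard (\S+)$")
NUMBERED = re.compile(r"^access-list (\d+) (permit|deny) host (\S+)$")
ACE = re.compile(r"^(permit|deny) host (\S+)$")

def parse_standard_acls(lines):
    """Return ({acl_id: [(action, source), ...]}, [problems])."""
    acls, problems, current = {}, [], None
    for n, raw in enumerate(lines, 1):
        cmd = PROMPT.sub("", raw.strip())      # drop the CLI prompt if present
        if m := NAMED.match(cmd):              # enter (or create) a named ACL
            current = m.group(1) if len(m.group(1)) <= MAX_NAME_LEN else None
            if current is None:
                problems.append(f"line {n}: name exceeds {MAX_NAME_LEN} characters")
            continue
        if m := NUMBERED.match(cmd):           # one-line numbered form
            acl_id, action, src = m.groups()
            current = None  # assumption: a numbered entry ends any named context
            if int(acl_id) not in STD_NUMBERS:
                problems.append(f"line {n}: {acl_id} is outside the standard range 1-99")
                continue
        elif (m := ACE.match(cmd)) and current is not None:
            acl_id, (action, src) = current, m.groups()
        else:
            problems.append(f"line {n}: not handled by this example: {cmd!r}")
            continue
        try:
            addr = ipaddress.IPv4Address(src)
        except ipaddress.AddressValueError:
            problems.append(f"line {n}: bad source address {src!r}")
            continue
        acls.setdefault(acl_id, []).append((action, addr))
    return acls, problems

SAMPLE = [  # constructed: the page's three commands plus two edge cases
    "ProCurve(config)# ip access-list standard Test-List",
    "ProCurve(config-std-nacl)# permit host 10.10.10.147",
    "ProCurve(config)# access-list 1 permit host 10.10.10.147",
    "ProCurve(config)# ip access-list standard 1",  # numbered ACL, named method
    "ProCurve(config-std-nacl)# deny host 10.10.10.148",
    "ProCurve(config)# access-list 100 permit host 10.10.10.147",
]
if __name__ == "__main__":
    print(parse_standard_acls(SAMPLE))
```

On the sample, "Test-List" and ACL 1 start with the same ACE, the deny entered through the named method lands in ACL 1, and the entry for number 100 is reported as outside the standard range.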
Note: For a summary of standard ACL commands, refer to table 10-9 on page 10-51.
For a summary of all ACL commands, refer to tables 10-1 and 10-2 on pages
10-6 and 10-8.