Product guide
10-58
Access Control Lists (ACLs)
Configuring Standard ACLs
< any | host < SA > | SA < mask > | SA/mask-length >
Defines the source IP address (SA) a packet must carry for a
match with the ACE.
• any — Allows IP packets from any SA.
• host < SA > — Specifies only packets having < SA > as the
source. Use this criterion when you want to match only the
IP packets from a single SA.
• SA < mask > or SA/mask-length — Specifies packets received
from an SA, where the SA is either a subnet or a group of IP
addresses. The mask format can be in either dotted-decimal
format or CIDR format (number of significant bits). (Refer
to “Using CIDR Notation To Enter the ACL Mask” on page
10-50).
SA Mask Application: The mask is applied to the SA in the
ACE to define which bits in a packet’s SA must exactly match
the SA configured in the ACL and which bits need not match.
Example: 10.10.10.1/24 and 10.10.10.1 0.0.0.255 both define
any IP address in the range of 10.10.10.(1 - 255).
Note: Specifying a group of contiguous IP addresses may
require more than one ACE. For more on how masks operate
in ACLs, refer to “How an ACE Uses a Mask To Screen Packets
for Matches” on page 10-36.
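The following Python sketch is an added example, not part of the product guide or the switch software. It shows how an ACL mask screens a packet's SA and why a contiguous group of addresses may need more than one ACE. The function names and the range 10.10.10.5 to 10.10.10.20 are constructed for illustration.

```python
import ipaddress


def ace_matches(packet_sa, ace_sa, acl_mask):
    """Return True if packet_sa matches the ACE's SA under the ACL mask.

    A 0 bit in the mask means the packet bit must equal the ACE bit;
    a 1 bit means that bit need not match.
    """
    pkt = int(ipaddress.IPv4Address(packet_sa))
    ace = int(ipaddress.IPv4Address(ace_sa))
    must_match = ~int(ipaddress.IPv4Address(acl_mask)) & 0xFFFFFFFF
    return (pkt & must_match) == (ace & must_match)


def acl_mask_from_length(mask_length):
    """Convert a CIDR mask length to the equivalent dotted-decimal ACL mask."""
    if not 0 <= mask_length <= 32:
        raise ValueError("mask length must be 0..32")
    return str(ipaddress.IPv4Address((1 << (32 - mask_length)) - 1))


def aces_for_range(first_sa, last_sa):
    """Return the (SA, ACL mask) pairs that cover first_sa..last_sa exactly.

    Each pair corresponds to one ACE; a range that is not aligned on a
    power-of-two boundary cannot be expressed with a single mask.
    """
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first_sa), ipaddress.IPv4Address(last_sa))
    return [(str(b.network_address), str(b.hostmask)) for b in blocks]


if __name__ == "__main__":
    # /24 and 0.0.0.255 are the same mask, as in the guide's example.
    print(acl_mask_from_length(24))
    # Constructed packet source addresses checked against 10.10.10.1 0.0.0.255.
    for sa in ("10.10.10.200", "10.10.11.5"):
        print(sa, ace_matches(sa, "10.10.10.1", "0.0.0.255"))
    # Constructed range that is not mask-aligned: needs several ACEs.
    for sa, mask in aces_for_range("10.10.10.5", "10.10.10.20"):
        print(sa, mask)
```

Each (SA, mask) pair returned by aces_for_range is one ACE's source criterion; no extra addresses outside the requested range are matched.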