Product guide
Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches
Introduction
Table 10-1. Comprehensive Command Summary
Action Command Page
Configuring Standard
(Numbered) ACLs
Configuring Extended
(Numbered) ACLs
ProCurve(config)# [no] access-list < 1-99 > < deny | permit >
10-47
< any | host <src-ip-addr > | src-ip-address/mask >
1
[log]
2
ProCurve(config)# [no] access-list <100-199> < deny | permit >
10-52
ip < any | host <src-ip-addr > | src-ip-address/mask >
1
[log]
2
ProCurve(config)# [no] access-list < 100-199 > < deny | permit >
10-52
< tcp | udp >
< any | host <src-ip-addr > | src-ip-address/mask >
1
[eq < src-port tcp/udp-id >]
< any | host <dest-ip-addr > | dest-ip-address/mask >
1
[eq < dest-port tcp/udp-id >]
[log]
2
Configuring Standard
(Named) ACLs
ProCurve(config)# [no] ip access-list standard < name-str | 1-99 >
ProCurve(config-std-nacl)# < deny | permit >
< any | host <src-ip-addr > | src-ip-address/mask >
1
[log]
2
10-58
10-58
Configuring Extended
(Named) ACLs
ProCurve(config)# [no] ip access-list extended < name-str | 100-199 >
ProCurve(config-std-nacl)# < deny | permit > ip
< any | host <src-ip-addr > | src-ip-address/mask >
1
< any | host <dest-ip-addr > | dest-ip-address/mask >
1
[log]
2
10-58
10-58
ProCurve(config-std-nacl)# < deny | permit > < tcp | udp >
< any | host <src-ip-addr > | src-ip-address/mask >
1
[ eq < tcp/udp-port-# | well-known-port-name >]
< any | host <dest-ip-addr > | dest-ip-address/mask >
1
10-58
[ eq < tcp/udp-port-# | well-known-port-name >]
[log]
2
Enabling or Disabling ProCurve(config)# [no] interface < port-list > access-group 10-61
an ACL < name-str | 1-99 | 100-199 > in
Deleting an ACL from ProCurve(config)# no ip access-list < standard < name-str | 1-99 >> in 10-62
the Switch
ProCurve(config)# no ip access-list < extended < name-str | 100 -199 >> in
1
The mask can be in either dotted-decimal notation (such as 0.0.15.255) or CIDR notation (such as /20).
2
The [log] function applies only to “deny” ACLs, and generates a message only when there is a “deny” match.
10-6