Product guide

Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches
Editing ACLs and Creating an ACL Offline
The first line removes an existing ACL and replaces it with a new version
with the same identity. To append new ACEs to the ACL instead of replacing
it, you would omit the first line.

no ip access-list extended 103
ip access-list extended "103"
  deny tcp 0.0.0.0 255.255.255.255 10.10.10.2 0.0.0.0 eq 23 log
  permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
Figure 10-29. Example of an Offline ACL File Designed To Replace An Existing ACL
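To see how the ACEs in Figure 10-29 are evaluated, the following added example (not part of the product guide) parses those two ACE lines and applies the switch's first-match rule with the implicit deny at the end. The mask semantics assumed here are the ACL wildcard form the figure uses: 0.0.0.0 means "this exact host", 255.255.255.255 means "any address".

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample input: the ACE lines of the offline ACL file in Figure 10-29.
ACL_103_LINES = [
    "deny tcp 0.0.0.0 255.255.255.255 10.10.10.2 0.0.0.0 eq 23 log",
    "permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255",
]


@dataclass
class Ace:
    action: str                 # "permit" or "deny"
    proto: str                  # "ip", "tcp" or "udp"
    src: Tuple[int, int]        # (address, wildcard mask) as integers
    dst: Tuple[int, int]
    dport: Optional[int]        # destination port from "eq <port>", else None
    log: bool                   # trailing "log" keyword present


def _addr_mask(tokens, i):
    """Parse '<addr> <wildcard>' at tokens[i]; return (addr, mask) and next index."""
    a = int(ipaddress.IPv4Address(tokens[i]))
    m = int(ipaddress.IPv4Address(tokens[i + 1]))
    return (a, m), i + 2


def parse_ace(line):
    """Parse one extended ACE in the syntax shown in Figure 10-29."""
    t = line.split()
    src, i = _addr_mask(t, 2)
    dst, i = _addr_mask(t, i)
    dport = None
    if i < len(t) and t[i] == "eq":
        dport, i = int(t[i + 1]), i + 2
    return Ace(t[0], t[1], src, dst, dport, "log" in t[i:])


def _match_addr(addr, rule):
    # A 1 bit in the wildcard mask means "don't care", so only the 0 bits are compared.
    a, wildcard = rule
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (a & care)


def evaluate(acl, src, dst, proto, dport=None):
    """Return (action, logged) for the first matching ACE; implicit deny otherwise."""
    for ace in acl:
        if ace.proto != "ip" and ace.proto != proto:
            continue
        if not (_match_addr(src, ace.src) and _match_addr(dst, ace.dst)):
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return ace.action, ace.log
    return "deny", False


ACL_103 = [parse_ace(line) for line in ACL_103_LINES]
```

Running evaluate(ACL_103, "10.10.20.17", "10.10.10.2", "tcp", 23) returns ("deny", True), while the same source reaching port 80 on that server is permitted by the second ACE.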
For example, suppose that you wanted to create an extended ACL to fulfill
the following requirements (assume a subnet mask of 255.255.255.0):

  ID: 160

  Deny Telnet access to a server at 10.10.10.100 from these three IP
  addresses on port 2 (with ACL logging):
    10.10.20.17
    10.10.20.23
    10.10.20.40

  Allow any inbound access from all other addresses on port 2.

  Permit internet access to the following two IP addresses through port
  24, but deny access to all other addresses through this port (without
  ACL logging):
    10.10.20.98
    10.10.20.21

  Deny all traffic from port 3 to the server at 10.10.10.100 (without ACL
  logging).

  Deny all traffic from port 5 to the server at 10.10.10.100 (without ACL
  logging), but allow any other traffic from port 5.
1. To create an ACL offline for the above requirements, you would create a .txt file with the content shown in figure 10-30.