HP 2530 Manual Supplement page 45

Specify the type of traffic to filter.
ip
Applies the ACE to all IP traffic from the authenticated client.
ip-protocol-value
Applies the ACE to the type of IP traffic specified by either a protocol number or by tcp , udp ,
icmp, or (for IPv4-only) igmp. The range of protocol numbers is 0-255. (Protocol numbers are defined
in RFC 2780. For a complete list, see "Protocol Registries" on the Web site of the Internet Assigned
Numbers Authority at( http:\\www.iana.com.) Examples of protocol numbers:
1=ICMP, 2=IGMP (IPv4 only), 6=TCP, 17=UDP, 41=IPv6
from any
Required keywords specifying the (authenticated) client source. (Note that a RADIUS-assigned ACL
assigned to a port filters only the inbound traffic having a source MAC address matching the MAC
address of the client whose authentication invoked the ACL assignment.)
to
Required destination keyword.
any
Specifies any IPv4 destination address if one of the following is true:
The ACE uses the standard attribute ( Nas-filter-Rule) and the IPv6 VSA (
HP-Nas-Rules-IPv6) is not included the ACL. For example:
Nas-filter-Rule="permit in tcp from any to any 23"
Nas-filter-Rule+="permit in ip from any to 10.10.10.1/24"
Nas-filter-Rule+="deny in ip from any to any"
The ACE uses the standard attribute ( Nas-filter-Rule) and the IPv6 VSA (
HP-Nas-Rules-IPv6) is included in the ACL with an integer setting of 2. For example, all
the following destinations are for IPv4 traffic:
HP-Nas-Rules-IPv6=2
Nas-filter-Rule="permit in tcp from any to any 23"
Nas-filter-Rule+="permit in ip from any to 10.10.10.1/24"
Nas-filter-Rule+="deny in ip from any to any"
The HP-Nas-Filter-Rule VSA is used instead of either of the above options. For example, all
the following destinations are for IPv4 traffic:
HP-Nas-filter-Rule="permit in tcp from any to any 23"
HP-Nas-filter-Rule+="permit in ip from any to 10.10.10.1/24"
HP-Nas-filter-Rule+="deny in ip from any to any"
Specifies any IPv4 or IPv6 destination address if the ACL uses the HP-Nas-Rules-IPv6 VSA with
an integer setting of 1. See
destinations in the following ACL apply to both IPv4 and IPv6 traffic:
HP-Nas-Rules-IPv6=1
Nas-filter-Rule="permit in tcp from any to any 23"
Nas-filter-Rule+="permit in ip from any to 10.10.10.1/24"
Nas-filter-Rule+="permit in ip from any to fe80::d1:1/120"
Nas-filter-Rule+="deny in ip from any to any"
host <ipv4-addr>
Specifies a single destination IPv4 address.
<ipv4-addr/<mask >
Specifies a series of contiguous destination addresses or all destination addresses in a subnet. The
< mask > is CIDR notation for the number of leftmost bits in a packet's destination IPv4 address
that must match the corresponding bits in the destination IPv4 address listed in the ACE. For example,
a destination of 10.100.17.1/24 in the ACE means that a match occurs when an inbound packet
"Nas-Filter-Rule Attribute Options" (page
Configuring RADIUS server support for switch services
42). For example, the any
45