HP ProCurve 7102dl Reference Manual page 428

Secure router sros command line interface

SROS Command Line Interface Reference Guide
ip policy-class <policyname>
Use the ip policy-class command to create an access control policy and enter the access control policy
command set. Use the no form of this command to delete an access policy and all the entries contained in
it.
Variations of this command include:
ip policy-class <policyname>
<action>
Note
Configured access policies will only be active if the ip firewall command has been entered
at the Global Configuration mode prompt to enable the SROS security features. All
configuration parameters are valid, but no security data processing will be attempted
unless the security features are enabled.
Caution
Before applying an access control policy to an interface, verify your Telnet connection will
not be affected by the policy. If a policy is applied to the interface you are connecting
through and it does not allow Telnet traffic, your connection will be lost.
Syntax Description

<policyname>
Identifies the configured access policy by alphanumeric descriptor (maximum of
255 characters). All access policy descriptors are case-sensitive.

<action>
Specifies the action for the ACP as allow, discard, or nat.

allow list
All packets permitted by the access control list (ACL) will be allowed to enter the
interface to which the policy class is assigned and an association will be created
in the firewall. All associations created by the allow list are subject to the built-in
firewall timers (refer to ip policy-timeout <protocol> <range> <port> <seconds>
on page 433). All packets denied by the ACL will be processed by the
next policy class entry or implicitly discarded if no further policy class entries exist.
Possible allow list actions performed by the access policy are as follows:
allow list <access control list name>
allow list <access control list name> stateless
allow list <access control list name> policy <access policy name>
allow list <access control list name> policy <access policy name> stateless
allow list <access control list name> self
allow list <access control list name> self stateless

policy <access policy name>
When the policy <access policy name> is specified, the firewall attempts to
match the specified access policy with the access policy that is applied to the
packet's egress interface as determined by the routing table or policy-based
routing configuration. If there is a match, the firewall will process the packet. If
there is no match, the firewall will process the packet based on the next policy
class entry or implicitly discard it if no further policy class entries exist.
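
Added example (not from the HP manual): a simplified Python model of the entry-by-entry evaluation described above for allow list entries, including the optional policy qualifier, applied to a TCP port 23 packet. The ACL rule format, the names WEB, ADMIN, Private and Public, and the first-match ACL behaviour are assumptions; the stateless and self variants are not modelled.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str
    dst_port: int
    egress_policy: Optional[str]  # policy class applied to the egress interface

@dataclass(frozen=True)
class AllowEntry:
    acl: str                      # allow list <access control list name>
    policy: Optional[str] = None  # optional: policy <access policy name>

def acl_permits(rules, pkt):
    # Assumption: the first matching ACL rule decides; no match means deny.
    for action, proto, port in rules:
        if proto == pkt.proto and port in (None, pkt.dst_port):
            return action == "permit"
    return False

def evaluate(entries, acls, pkt):
    """Walk the policy class entries in order; return 'allow' or 'discard'."""
    for entry in entries:
        if not acl_permits(acls[entry.acl], pkt):
            continue  # denied by the ACL: try the next policy class entry
        if entry.policy is not None and entry.policy != pkt.egress_policy:
            continue  # egress interface's policy does not match: next entry
        return "allow"
    return "discard"  # no further entries: implicit discard

# Constructed sample data (hypothetical names, not from the manual).
ACLS = {
    "WEB": [("permit", "tcp", 80)],
    "ADMIN": [("deny", "tcp", 80), ("permit", "tcp", 23)],
}
TELNET = Packet("tcp", 23, egress_policy="Private")

WEB_ONLY = [AllowEntry("WEB")]
WITH_ADMIN = [AllowEntry("WEB"), AllowEntry("ADMIN")]
ADMIN_TO_PUBLIC = [AllowEntry("WEB"), AllowEntry("ADMIN", policy="Public")]

if __name__ == "__main__":
    for name, entries in [("WEB_ONLY", WEB_ONLY), ("WITH_ADMIN", WITH_ADMIN),
                          ("ADMIN_TO_PUBLIC", ADMIN_TO_PUBLIC)]:
        print(name, evaluate(entries, ACLS, TELNET))
```
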
© Copyright 2007 Hewlett-Packard Development Company, L.P.
Global Configuration Mode Command Set
426


This manual is also suitable for:

Procurve secure router 7203dl j8753a j8753a
