HP ProCurve 7102dl Reference Manual page 431

Secure router sros command line interface

SROS Command Line Interface Reference Guide
Default Values
By default, all SROS security features are disabled and there are no configured access lists.
Functional Notes
SROS access control policies are used to allow, discard, or manipulate (using NAT) data for each physical
interface. Each ACP consists of a selector (access list) and an action (allow, discard, NAT). When
packets are received on an interface, the configured ACPs are applied to determine whether the data will
be processed or discarded.
Caution
An implicit discard exists at the end of every policy class. Specifying a discard list is
unnecessary in most applications and should be used with caution. A discard list can
adversely affect certain functions of a unit (VPN, routing protocols, etc.). Specifying an
empty ACL or a non-existent ACL in a policy class will result in an implicit permit.
Usage Examples
The following is an example of adding policy class entries (ACL self and ACL MATCHALL) to a policy class
named Private:
ProCurve(config)#ip policy-class Private
ProCurve(config-policy-class)#allow list self self
ProCurve(config-policy-class)#nat destination list MATCHALL interface ppp 1 overload
The following is a sample output of the configuration after issuing these commands:
!
ip access-list standard wizard-ics
  remark Internet Connection Sharing
  permit any
!
ip access-list extended self
  remark Traffic to Router
  permit ip any any log
!
ip policy-class Private
  allow list self self
  nat source list wizard-ics interface ppp 1 overload
!
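The Caution above states that a policy class entry naming an empty or non-existent ACL results in an implicit permit. The following check is an added example, not part of the HP manual: it parses running-config text in the layout shown above and reports such entries, along with any discard lists. The function name audit, the ACL name EMPTY, and the sample text are constructed for illustration.

```python
import re

# Constructed sample in the running-config layout shown above. The ACL named
# EMPTY, the discard entry, and the missing MATCHALL definition are assumptions.
SAMPLE_CONFIG = """\
ip access-list extended self
  remark Traffic to Router
  permit ip any any log
!
ip access-list standard EMPTY
  remark placeholder, no match entries
!
ip policy-class Private
  allow list self self
  allow list EMPTY
  nat destination list MATCHALL interface ppp 1 overload
  discard list self
"""

ACL_RE = re.compile(r"^ip access-list (?:standard|extended) (\S+)$")
POLICY_RE = re.compile(r"^ip policy-class (\S+)$")
ENTRY_RE = re.compile(r"^(allow|discard|nat \S+) list (\S+)")

def audit(config):
    """Return (policy_class, acl, finding) tuples for risky policy entries."""
    acls, entries, section = {}, [], None
    for line in (raw.strip() for raw in config.splitlines()):
        if not line or line == "!":                 # "!" closes a section
            section = None
        elif ACL_RE.match(line):
            section = ("acl", ACL_RE.match(line).group(1))
            acls.setdefault(section[1], 0)
        elif POLICY_RE.match(line):
            section = ("policy", POLICY_RE.match(line).group(1))
        elif section and section[0] == "acl" and not line.startswith("remark"):
            acls[section[1]] += 1                   # remark lines are not match entries
        elif section and section[0] == "policy" and ENTRY_RE.match(line):
            action, acl = ENTRY_RE.match(line).groups()
            entries.append((section[1], action, acl))
    findings = []
    for policy, action, acl in entries:
        if acl not in acls:
            findings.append((policy, acl, "non-existent ACL: implicit permit"))
        elif acls[acl] == 0:
            findings.append((policy, acl, "empty ACL: implicit permit"))
        if action == "discard":
            findings.append((policy, acl, "discard list: check VPN/routing impact"))
    return findings
```

Calling audit(SAMPLE_CONFIG) reports the EMPTY and MATCHALL references and the discard entry; the sample output printed above, where both referenced ACLs are defined and populated, produces no findings.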
Technology Review
Creating access policies and lists to regulate traffic through the routed network is a four-step process:
Step 1:
Enable the security features of the SROS using the ip firewall command.
5991-2114
© Copyright 2007 Hewlett-Packard Development Company, L.P.
Global Configuration Mode Command Set
429


This manual is also suitable for:

Procurve secure router 7203dl j8753a j8753a
