Configuring And Assigning A Numbered, Extended Acl - HP ProCurve 5300xl Series Management Manual

Access Control Lists (ACLs) for the Series 5300xl Switches
Configuring and Assigning an ACL
Note
9-38

Configuring and Assigning a Numbered, Extended ACL

This section describes how to configure numbered, extended ACLs.
To configure named ACLs, refer to "Configuring a Named ACL" on
■
page 9-44.
■ To configure standard, numbered ACL, refer to "Configuring and
Assigning a Numbered, Standard ACL" on page 9-33.
While standard ACLs use only source IP addresses for filtering criteria,
extended ACLs allow multiple ACE criteria. This enables you to more closely
define your IP packet-filtering criteria. These criteria include:
■ Source and destination IP addresses (required), in one of the
following options:
• Specific host IP
• Subnet or group of IP addresses
• Any IP address
■ IP protocol (IP, TCP, or UDP)
Source TCP or UDP port (if the IP protocol is TCP or UDP)
■
Destination TCP or UDP port (if the IP protocol is TCP or UDP)
■
■ TCP or UDP comparison operator (if the IP protocol is TCP or UDP)
You can configure up to 100 extended ACLs with a numeric name in the range
of 100 -199. You can also configure extended ACLs with alphanumeric names.
(Refer to "Configuring a Named ACL" on page 9-44.) The switch allows a
maximum of 255 ACLs in any combination of numeric and alphanumeric
names, and determines the total from the number of unique ACL names in the
configuration. For example, if you configure two ACLs, but assign only one of
them to a VLAN, the ACL total is two, for the two unique ACL names. If you
then assign the name of a nonexistent ACL to a VLAN, the new ACL total is
three, because the switch now has three unique ACL names in its configura­
tion. (The switch allows up to 1024 ACEs total in all ACLs.)
For a summary of ACL commands, refer to table 9-1, "Comprehensive Com­
mand Summary", on page 9-4.