Applying Access Control to Router Interfaces
Using ACLs Alone to Configure Access Control
Permit Routing Updates. When you configure ACLs, remember that any
traffic that you do not explicitly permit will match the implicit "deny any" entry
at the end of the ACL. If you have configured a routing protocol and routing
updates are being sent to a router interface, you should ensure that these
routing updates are permitted by the ACL you assign to that interface. For
example, to permit Routing Information Protocol (RIP) updates, enter:
ProCurve(config-ext-nacl)# permit udp any any eq rip
To permit Border Gateway Protocol (BGP) updates, enter:
ProCurve(config-ext-nacl)# permit tcp any any eq bgp
You would apply the ACL to the interface on which you want to permit routing
updates.
Permit Traffic from Specific Networks. You may want to restrict access
to specific networks. For example, you may want to permit traffic from
10.1.1.0 /30, but deny traffic from 192.168.115.0 /24. To configure entries for
this access, enter:
ProCurve(config-ext-nacl)# permit ip 10.1.1.0 0.0.0.3 any
ProCurve(config-ext-nacl)# deny ip 192.168.115.0 0.0.0.255 any
Again, you would apply the ACL to the appropriate interface.
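Added example, not from the original manual: a small Python model of how the entries above are evaluated, including wildcard-mask matching and the implicit "deny any". It assumes the four entries are combined into one ACL in the order shown and are checked top-down with the first match deciding; the function names and sample packets are constructed for illustration.

```python
import ipaddress

PORTS = {"rip": 520, "bgp": 179}  # well-known ports behind the CLI keywords

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit the wildcard mask leaves as 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)

def parse_entry(line):
    """Parse the entry forms used on this page (destination is always 'any')."""
    t = line.split()
    src = None if t[2] == "any" else (t[2], t[3])
    rest = t[3:] if src is None else t[4:]
    if rest[0] != "any":
        raise ValueError("only 'any' destinations are modelled here")
    dport = PORTS[rest[2]] if rest[1:2] == ["eq"] else None
    return {"action": t[0], "proto": t[1], "src": src, "dport": dport}

def evaluate(acl, proto, src, dport=None):
    """Return the action of the first matching entry, else the implicit deny."""
    for e in acl:
        if e["proto"] != "ip" and e["proto"] != proto:
            continue
        if e["src"] and not wildcard_match(src, *e["src"]):
            continue
        if e["dport"] is not None and e["dport"] != dport:
            continue
        return e["action"]
    return "deny (implicit)"

# Entries copied from the text above, in the order shown (assumed to be one ACL).
ACL = [parse_entry(l) for l in (
    "permit udp any any eq rip",
    "permit tcp any any eq bgp",
    "permit ip 10.1.1.0 0.0.0.3 any",
    "deny ip 192.168.115.0 0.0.0.255 any",
)]

# Constructed sample packets: (protocol, source address, destination port).
SAMPLES = [("udp", "172.16.0.1", 520), ("tcp", "10.1.1.2", 80),
           ("tcp", "10.1.1.4", 80), ("icmp", "192.168.115.9", None)]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p, "->", evaluate(ACL, *p))
    # Same RIP update with the RIP permit entry removed: falls to the implicit deny.
    print("no RIP entry ->", evaluate(ACL[1:], "udp", "172.16.0.1", 520))
```

The 0.0.0.3 wildcard covers only 10.1.1.0 through 10.1.1.3, so the packet from 10.1.1.4 matches no entry and is dropped by the implicit deny rather than by the explicit deny line.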