Note
To exclude a specific host from the action that you will specify in the
ACP, enter:
ProCurve(config-std-nacl)# deny host 192.168.115.90
b. If you are configuring an extended ACL, enter:
Syntax: permit | deny <protocol> <source address> <source port> <destination address> <destination port>
Replace <protocol> with one of the following:
– AHP
– ESP
– GRE
– ICMP
– IP
– TCP
– UDP
To specify a source or destination address, use the following syntax:
Syntax: any | host <A.B.C.D> | hostname <hostname> | <A.B.C.D> <wildcard bits>
For example, if you want to select TCP traffic from any source to any
destination, enter:
ProCurve(config-ext-nacl)# permit tcp any any
If you want to exclude all ICMP traffic from a specific host, such as
host 192.168.115.90, to any destination, enter:
ProCurve(config-ext-nacl)# deny icmp host 192.168.115.90 any
To exclude ICMP traffic from a range of IP addresses to a specific
destination, enter:
Syntax: deny icmp <A.B.C.D> <wildcard bits> host <A.B.C.D>
The entries are processed in the order in which you enter them. In addition,
each ACL contains an implicit "deny any" entry at the end of the list. If you do
not create an entry to allow a specific type of traffic, it will be denied. That is,
the traffic will be excluded from the action specified in the related entry in
the ACP.
3. After configuring the entries for the ACL, exit the ACL.
Syntax: exit
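The first-match ordering and the implicit "deny any" described in step 2, as an added example that is not part of the ProCurve documentation: a small Python model of extended ACL evaluation that covers protocol and address matching only (ports and the hostname form are left out). It assumes that a 1 in the wildcard bits means "ignore this bit" and that the ip keyword matches every protocol; the sample ACLs and the 10.1.1.1 destination are constructed values.

```python
import ipaddress

def _to_int(ip):
    return int(ipaddress.IPv4Address(ip))

def _addr(tokens):
    """Consume one address spec: any | host A.B.C.D | A.B.C.D <wildcard bits>."""
    first = tokens.pop(0)
    if first == "any":
        return (0, 0xFFFFFFFF)              # every bit is "don't care"
    if first == "host":
        return (_to_int(tokens.pop(0)), 0)  # every bit must match
    return (_to_int(first), _to_int(tokens.pop(0)))

def parse_entry(line):
    """Parse 'permit|deny <protocol> <source> <destination>' (no ports)."""
    tokens = line.lower().split()
    action, proto = tokens.pop(0), tokens.pop(0)
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in: {line}")
    src, dst = _addr(tokens), _addr(tokens)
    if tokens:
        raise ValueError(f"unsupported trailing tokens in: {line}")
    return action, proto, src, dst

def _hit(spec, ip):
    base, wild = spec
    # Assumption: a 1 in the wildcard means "ignore this bit".
    return ((_to_int(ip) ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(acl, proto, src_ip, dst_ip):
    """Return (action, matching entry); the first matching entry wins."""
    for line in acl:
        action, p, src, dst = parse_entry(line)
        # Assumption: 'ip' covers every protocol carried over IP.
        if p in ("ip", proto) and _hit(src, src_ip) and _hit(dst, dst_ip):
            return action, line
    return "deny", "implicit deny any"      # nothing matched

# Constructed sample ACLs (not from the manual).
SPECIFIC_FIRST = ["deny icmp host 192.168.115.90 any", "permit tcp any any"]
BROAD_FIRST = ["permit ip any any", "deny icmp host 192.168.115.90 any"]
RANGE = ["deny icmp 192.168.115.0 0.0.0.255 host 10.1.1.1", "permit ip any any"]

if __name__ == "__main__":
    for acl in (SPECIFIC_FIRST, BROAD_FIRST, RANGE):
        print(evaluate(acl, "icmp", "192.168.115.90", "10.1.1.1"))
```

In BROAD_FIRST the deny entry is never reached because the broader permit entry matches first, which is why the more specific entries have to be entered before the general ones.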
Applying Access Control to Router Interfaces
Quick Start