Applying Access Control to Router Interfaces
Using ACPs to Control Access to Router Interfaces
Figure 5-7. With Extended ACLs, the ProCurve Secure Router Checks Both the Source and the Destination Address and, Optionally, the Protocol and Port
Creating an ACL
To create an ACL, you enter the ip access-list command from the global configuration mode context:
Syntax: ip access-list [standard | extended] <listname> [log]
Enter either the standard or extended option, depending on the type of ACL you are configuring, and replace <listname> with an alphanumeric descriptor that is meaningful to you. The listname is case sensitive.
Creating a Standard ACL
To create a standard ACL, enter:
ProCurve(config)# ip access-list standard <listname>
After you enter this command, you are moved to the standard ACL configuration mode context:
ProCurve(config-std-nacl)#
You can now begin to enter permit and deny entries. The ACL is empty until
you add these entries.
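Two details above are easy to get wrong: the list name is case sensitive, and a newly created ACL is empty until entries are added. The following Python check over a saved configuration is an added example, not part of the ProCurve documentation. The sample configuration is constructed, the entry operands are elided placeholders, and it is an assumption of this example that permit and deny entries follow their ip access-list line.

```python
import re
from collections import defaultdict

# Constructed sample. Assumed layout: entries follow their ACL header line.
SAMPLE_CONFIG = """\
ip access-list standard Mgmt
 permit <entry operands elided>
 deny <entry operands elided>
ip access-list standard mgmt
ip access-list extended WebServers log
 permit <entry operands elided>
hostname ProCurve
"""

# Mirrors the syntax line: ip access-list [standard | extended] <listname> [log]
HEADER = re.compile(r"^ip access-list (standard|extended) (\S+)( log)?\s*$")

def parse_acls(config):
    """Return {listname: {"type": ..., "entries": [...]}}, keeping case as typed."""
    acls, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = acls.setdefault(m.group(2), {"type": m.group(1), "entries": []})
        elif current is not None and line.split(" ", 1)[0] in ("permit", "deny"):
            current["entries"].append(line)
        elif line:
            current = None  # any other command leaves the ACL context
    return acls

def audit(acls):
    """Flag ACLs with no entries and list names that differ only by letter case."""
    findings = [f"empty ACL: {name}" for name, acl in acls.items() if not acl["entries"]]
    by_folded = defaultdict(list)
    for name in acls:
        by_folded[name.lower()].append(name)
    for names in by_folded.values():
        if len(names) > 1:
            findings.append("case-only name collision: " + ", ".join(sorted(names)))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_acls(SAMPLE_CONFIG)):
        print(finding)
```

Here "mgmt" is a second, empty list created by a case slip; entries meant for it were added to "Mgmt" instead.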
[Figure labels: Router, Edge Switch, LAN, Internet, User. Router decision points: "Is this source address permitted or denied?", "Is this destination address permitted or denied?", "Is this protocol and port permitted or denied?"]