SROS Command Line Interface Reference Guide
ip access-group <listname> [in | out]
Use the ip access-group command to create an access list to be used for packets transmitted on or received
from the specified interface. Use the no form of this command to disable this type of control.
Syntax Description
<listname>
in
out
Default Values
By default, these commands are disabled.
Functional Notes
When this command is enabled, the IP destination address of each packet must be validated before being
passed through to the router system. If the packet is not acceptable per these settings, it is dropped.
Usage Examples
The following example sets up the unit to only allow Telnet traffic (as defined in the user-configured
TelnetOnly IP access list) into the tunnel interface:
ProCurve(config)#ip access-list extended TelnetOnly
ProCurve(config-ext-nacl)#permit tcp any any eq telnet
ProCurve(config-ext-nacl)#interface tunnel 1
ProCurve(config-tunnel 1)#ip access-group TelnetOnly in
5991-2114
Assigns an IP access list name.
Enables access control on packets received on the specified interface.
Enables access control on packets transmitted on the specified interface.
© Copyright 2007 Hewlett-Packard Development Company, L.P.
Tunnel Configuration Command Set
1168