HP ProCurve 7102dl Reference Manual page 377

Secure router sros command line interface

SROS Command Line Interface Reference Guide
ip access-list extended <listname>
Use the ip access-list extended command to create an empty access list and enter the extended
access-list command set. Use the no form of this command to delete an access list and all the
entries contained in it. For more information on using access lists with the SROS firewall, refer to
ip policy-class <policyname> on page 426. The following lists the complete syntax for the ip access-list
extended commands:
ip access-list extended <listname>
<action> <protocol> <source> <source port> <destination> <destination port>
Syntax Description

<listname>
    Identifies the configured access list using an alphanumeric descriptor. All access list descriptors are case-sensitive.

<action>
    permit    Permits entry to the routing system for specified packets.
    deny      Denies entry to the routing system for specified packets.
    remark    Associates a descriptive tag (up to 80 alphanumeric characters enclosed in quotation marks) to the access list. Enter a functional description for the list such as "This list blocks all outbound Web traffic."

<protocol>
    Specifies the data protocol ip, icmp, tcp, udp, ahp, esp, gre, or a specific protocol (0 to 255).

<source>
    Specifies the source used for packet matching. Sources can be expressed in one of four ways:
    1. Using the keyword any to match any IP address.
    2. Using host <A.B.C.D> to specify a single host address.
    3. Using the <A.B.C.D> <wildcard> format to match all IP addresses in a range. Wildcard masks work in reverse logic from subnet masks. Specifying 255 in any octet of the wildcard mask equates to a "don't care". For example, entering 192.168.0.0 0.0.0.255 selects all traffic from the 192.168.0.0/24 network.
    4. Using the keyword hostname to match based on a DNS name. The unit must be configured with DNS servers for this function to work.

<source port>
    Optional. The source port is used only when <protocol> is tcp or udp. The following keywords and port numbers are supported for the <source port> field:
    any                    Matches any destination port.
    eq <port number>       Matches only packets that contain the specified port number.
    gt <port number>       Matches only packets with a port number higher than the one listed.
    lt <port number>       Matches only packets with a port number lower than the one listed.
    neq <port number>      Matches only packets that do not contain the specified port number.
    range <port number>    Matches only packets that contain a port number in the

Global Configuration Mode Command Set
5991-2114 © Copyright 2007 Hewlett-Packard Development Company, L.P.
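
The <source> and <source port> matching rules described above, as an added Python example (not part of the HP manual and not SROS code): it evaluates the any, host and wildcard-mask source forms and the any/eq/gt/lt/neq port keywords, and flags a wildcard that looks like a subnet mask entered by mistake. The function names and the sample addresses are assumptions made for illustration; the hostname and range forms are not modeled.

```python
import ipaddress

def _u32(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(base, wildcard, addr):
    """Compare addr to base on every bit the wildcard does NOT mark "don't care"."""
    care = ~_u32(wildcard) & 0xFFFFFFFF   # wildcard bit 1 = ignore, 0 = must match
    return (_u32(addr) & care) == (_u32(base) & care)

def source_match(spec, addr):
    """spec is the tokenized <source> field: ['any'], ['host', ip] or [ip, wildcard]."""
    if spec == ["any"]:
        return True
    if len(spec) == 2 and spec[0] == "host":
        return _u32(spec[1]) == _u32(addr)
    if len(spec) == 2:
        return wildcard_match(spec[0], spec[1], addr)
    raise ValueError("unsupported <source>: %r" % (spec,))  # hostname form needs DNS

PORT_OPS = {
    "eq": lambda port, n: port == n,
    "gt": lambda port, n: port > n,
    "lt": lambda port, n: port < n,
    "neq": lambda port, n: port != n,
}

def port_match(spec, port):
    """spec is the tokenized <source port> field: ['any'] or [keyword, number]."""
    if spec == ["any"]:
        return True
    if len(spec) == 2 and spec[0] in PORT_OPS:
        n = int(spec[1])
        if not 0 <= n <= 65535:
            raise ValueError("port out of range: %d" % n)
        return PORT_OPS[spec[0]](port, n)
    raise ValueError("unsupported <source port>: %r" % (spec,))

def looks_like_subnet_mask(wildcard):
    """Audit check: contiguous high-order 1 bits suggest a subnet mask typed as a wildcard."""
    w = _u32(wildcard)
    host_bits = ~w & 0xFFFFFFFF
    return w not in (0, 0xFFFFFFFF) and (host_bits & (host_bits + 1)) == 0

if __name__ == "__main__":
    # Constructed sample: the manual's 192.168.0.0 0.0.0.255 entry, then the same
    # entry with a subnet mask typed where the wildcard belongs.
    for wc in ("0.0.0.255", "255.255.255.0"):
        hit = source_match(["192.168.0.0", wc], "192.168.0.77")
        print(wc, "matches 192.168.0.77:", hit, "| suspicious:", looks_like_subnet_mask(wc))
```

With 255.255.255.0 in the wildcard position, only the last octet is compared, so the entry stops matching 192.168.0.77 and instead matches any address ending in .0, which is why the audit check is worth running over a configuration before it is applied.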
