HP ProCurve 7102dl Reference Manual page 381

Secure router sros command line interface

SROS Command Line Interface Reference Guide
ip access-list standard <listname>
Use the ip access-list standard command to create an empty access list and enter the standard access-list
command set. Use the no form of this command to delete an access list and all the entries contained in it.
For more information on using access lists with the SROS firewall, refer to ip policy-class <policyname>
on page 426. The following lists the complete syntax for the ip access-list standard commands:
ip access-list standard <listname>
<action> <source>
Syntax Description
<listname>    Identifies the configured access list using an alphanumeric descriptor.
              All access list descriptors are case-sensitive.
<action>
    permit    Permits entry to the routing system for specified packets.
    deny      Denies entry to the routing system for specified packets.
    remark    Associates a descriptive tag (up to 80 alphanumeric characters
              enclosed in quotation marks) with the access list. Enter a functional
              description for the list, such as "This list blocks all outbound
              Web traffic."
<source>      Specifies the source used for packet matching. Sources can be expressed
              in one of four ways:
              1. Using the keyword any to match any IP address.
              2. Using host <A.B.C.D> to specify a single host address.
              3. Using the <A.B.C.D> <wildcard> format to match all IP addresses in a
                 range. Wildcard masks work in reverse logic from subnet masks.
                 Specifying 255 in any octet of the wildcard mask equates to a
                 "don't care".
              4. Using the keyword hostname to match based on a DNS name. The unit
                 must be configured with DNS servers for this function to work.
Default Values
By default, all SROS security features are disabled and there are no configured access lists.
Functional Notes
Access control lists (ACLs) are used as packet selectors by different SROS features (firewall, VPN, QoS);
by themselves they do nothing. ACLs are composed of an ordered list of entries with an implicit deny all at
the end of each list. An ACL entry contains two parts: an action (permit or deny) and a packet pattern. A
permit ACL matches packets (those meeting the specified pattern) for entry into the router system. A deny
ACL advances the SROS to the next access policy entry. The SROS provides two types of ACLs: standard
and extended. Standard ACLs match based on the source of the packet. Extended ACLs match based on
the source and destination of the packet.
ACL entries are evaluated in order from the top of the list down. Generally, the most specific entries should
be at the top and the more general at the bottom.
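The top-down ordering, implicit deny and wildcard-mask rules described above, modelled as an added Python example (not code from the manual or from SROS). It covers the any, host and <A.B.C.D> <wildcard> source forms only; remark lines and DNS hostnames are left out, and the sample lists use constructed documentation addresses.

```python
import ipaddress

FULL = 0xFFFFFFFF

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_entry(line):
    """Parse '<action> <source>' for the any, host and wildcard source forms."""
    action, *src = line.split()
    if action not in ("permit", "deny"):
        raise ValueError(f"unsupported action: {action}")
    if src == ["any"]:
        return action, 0, FULL                 # every bit is "don't care"
    if len(src) == 2 and src[0] == "host":
        return action, to_int(src[1]), 0       # every bit must match
    if len(src) == 2:
        return action, to_int(src[0]), to_int(src[1])
    raise ValueError(f"unsupported source: {' '.join(src)}")

def matches(packet_src, addr, wild):
    care = ~wild & FULL                        # wildcard 1-bits are ignored
    return (to_int(packet_src) & care) == (addr & care)

def evaluate(acl, packet_src):
    """First matching entry wins, top down; no match hits the implicit deny."""
    for line in acl:
        action, addr, wild = parse_entry(line)
        if matches(packet_src, addr, wild):
            return action, line
    return "deny", "(implicit deny all)"

def shadowed(acl):
    """Entries that can never match because an earlier entry covers them."""
    seen, dead = [], []
    for line in acl:
        _, addr, wild = parse_entry(line)
        for e_addr, e_wild in seen:
            care = ~e_wild & FULL
            # Covered: the earlier entry ignores every bit this one ignores,
            # and both agree on the bits the earlier entry checks.
            if (wild & care) == 0 and (addr & care) == (e_addr & care):
                dead.append(line)
                break
        seen.append((addr, wild))
    return dead

# Constructed sample lists (documentation address ranges, not from the manual).
MISORDERED = ["permit 192.0.2.0 0.0.0.255", "deny host 192.0.2.66"]
ORDERED = ["deny host 192.0.2.66", "permit 192.0.2.0 0.0.0.255"]
```

With MISORDERED, evaluate() returns the permit entry for 192.0.2.66 because the broader line sits above the host line, and shadowed() reports that host line as unreachable; ORDERED places the specific entry first and has no shadowed entries.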
© Copyright 2007 Hewlett-Packard Development Company, L.P.
Global Configuration Mode Command Set
This manual is also suitable for:

Procurve secure router 7203dl j8753a j8753a
