HP ProCurve 7102dl Reference Manual page 432

Secure router sros command line interface

SROS Command Line Interface Reference Guide
Step 2:
Create an access control list to permit or deny specified traffic. Standard ACLs match based on the source
of the packet. Extended ACLs match based on the source and destination of the packet. Sources can be
expressed in one of four ways:
1. Using the keyword any to match any IP address.
2. Using host <A.B.C.D> to specify a single host address.
3. Using the <A.B.C.D> <wildcard> format to match all IP addresses in a range. Wildcard masks work in
reverse logic from subnet masks. Specifying 255 in any octet of the wildcard mask equates to a
"don't care".
4. Using the keyword hostname to match based on a DNS name. The unit must be configured with DNS
servers for this function to work.
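The following Python sketch is an added example, not part of the HP manual. It evaluates the first three source forms from Step 2 and shows what happens when a subnet mask is typed where a wildcard mask is expected. The function names and sample addresses are constructed for illustration, and per-bit wildcard comparison is assumed.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def _to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """True when addr equals base in every bit where the wildcard bit is 0.
    Wildcard bits set to 1 are "don't care" (assumed per-bit semantics)."""
    care = ~_to_int(wildcard) & MASK32
    return (_to_int(addr) & care) == (_to_int(base) & care)

def source_matches(addr: str, spec: str) -> bool:
    """Evaluate one source expression against a packet's source address.
    Supports 'any', 'host A.B.C.D' and 'A.B.C.D <wildcard>'."""
    parts = spec.split()
    if parts == ["any"]:
        return True
    if len(parts) == 2 and parts[0] == "hostname":
        # The hostname form needs the unit's DNS servers; not modelled here.
        raise NotImplementedError("hostname form requires DNS resolution")
    if len(parts) == 2 and parts[0] == "host":
        return wildcard_match(addr, parts[1], "0.0.0.0")
    if len(parts) == 2:
        return wildcard_match(addr, parts[0], parts[1])
    raise ValueError(f"unsupported source expression: {spec!r}")

def subnet_to_wildcard(subnet_mask: str) -> str:
    """Invert a subnet mask to get the equivalent wildcard mask."""
    return str(ipaddress.IPv4Address(~_to_int(subnet_mask) & MASK32))

def matched_count(wildcard: str) -> int:
    """Number of IPv4 addresses an entry covers: 2 ** (don't-care bits)."""
    return 1 << bin(_to_int(wildcard)).count("1")

if __name__ == "__main__":
    intended = "192.168.1.0 " + subnet_to_wildcard("255.255.255.0")
    mistaken = "192.168.1.0 255.255.255.0"   # subnet mask used by mistake
    for src in ("192.168.1.77", "10.9.8.0"):  # constructed sample sources
        print(src, "intended:", source_matches(src, intended),
              "mistaken:", source_matches(src, mistaken))
    print("addresses covered:", matched_count("0.0.0.255"),
          "vs", matched_count("255.255.255.0"))
```

With the mistaken entry, only the last octet is compared, so the list covers every address ending in .0 and misses the hosts in 192.168.1.0/24 it was meant to select.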
Step 3:
Create an access policy that uses a configured access list. SROS access policies are used to allow,
discard, or manipulate (using NAT) data for each physical interface. Each access policy (ACP) consists
of a selector (access list) and an action (allow, discard, NAT). When packets are received on an
interface, the configured ACPs are applied to determine whether the data will be processed or discarded.
Possible actions performed by the access policy are as follows:
allow list <access control list name>
allow list <access control list name> stateless
allow list <access control list name> policy <access policy name>
allow list <access control list name> policy <access policy name> stateless
allow list <access control list name> self
allow list <access control list name> self stateless
discard list <access control list name>
discard list <access control list name> policy <access policy name>
discard list <access control list name> self
nat destination list <access control list name> address <IP address> port <port number>
nat source list <access control list name> address <IP address> overload
nat source list <access control list name> address <IP address> policy <access policy name>
nat source list <access control list name> interface <interface> overload
nat source list <access control list name> interface <interface> policy <access policy name>
Step 4:
Apply the created access policy to an interface. To assign an access policy to an interface, enter the
interface configuration mode for the desired interface and enter access-policy <policy name>. The
following example assigns access policy MatchAll to the Ethernet 0/1 interface:
ProCurve(config)#interface ethernet 0/1
ProCurve(config-eth 0/1)#access-policy MatchAll
5991-2114
© Copyright 2007 Hewlett-Packard Development Company, L.P.
Global Configuration Mode Command Set
This manual is also suitable for:

Procurve secure router 7203dl j8753a j8753a
