HP ProCurve 2910al Access Security Manual page 356
Hide thumbs
Also See for ProCurve 2910al:
- Configuration manual (194 pages) ,
- Manual (126 pages) ,
- Installation and getting started manual (114 pages)
Table of Contents
Advertisement
IPv4 Access Control Lists (ACLs)
Configuring Extended ACLs
9-68
< ip | ip-protocol | ip-protocol-nbr >
Specifies the packet protocol type required for a match. An
extended ACL must include one of the following:
• ip — any IPv4 packet.
• ip-protocol — any one of the following IPv4 protocol names:
ip-in-ip
ipv6-in-ip gre
ospf
pim
udp*
icmp*
• ip-protocol-nbr — the protocol number of an IPv4 packet type,
such as "8" for Exterior Gateway Protocol or 121 for Simple
Message Protocol. (For a listing of IPv4 protocol numbers
and their corresponding protocol names, refer to the IANA
"Protocol Number Assignment Services" at www.iana.com.)
(Range: 0 - 255)
* For TCP, UDP, ICMP, and IGMP, additional criteria can be
specified, as described later in this section.
< any | host < SA > | SA/mask-length | SA < mask >>
In an extended ACL, this parameter defines the source address
(SA) that a packet must carry in order to have a match with
the ACE.
• any — Specifies all inbound IPv4 packets.
• host < SA > — Specifies only inbound IPv4 packets from a
single address. Use this option when you want to match only
the IPv4 packets from a single source address.
• SA/mask-length or SA < mask > — Specifies packets received
from an SA, where the SA is either a subnet or a group of
IPv4 addresses. The mask can be in either dotted-decimal
format or CIDR format with the number of significant bits.
Refer to "Using CIDR Notation To Enter the IPv4 ACL Mask"
on page 9-43.
esp
ah
vrrp
sctp
tcp*
igmp*
Hide quick links:
Advertisement
Table of Contents
