HP ProCurve 2910al Access Security Manual page 383


no ip access-list extended List-120
ip access-list extended "List-120"
10 remark "THIS ACE ALLOWS TELNET"
10 permit tcp 10.30.133.27 0.0.0.0 eq 23 0.0.0.0 255.255.255.255
20 deny ip 10.30.133.1 0.0.0.255 0.0.0.0 255.255.255.255
30 deny ip 10.30.155.1 0.0.0.255 0.0.0.0 255.255.255.255
40 remark "THIS IS THE FINAL ACE IN THE LIST"
40 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
Figure 9-32. Example of an Offline ACL File Designed To Replace An Existing ACL
Note
If you are replacing an ACL on the switch with a new ACL that uses the
same number or name syntax, begin the command file with a
no ip access-list command to remove the earlier version of the ACL from
the switch's running-config file. Otherwise, the switch will append the
new ACEs in the ACL you download to the existing ACL. For example, if you
planned to use the copy command to replace ACL "List-120", you would place
this command at the beginning of the edited file:
no ip access-list extended List-120
3. Use copy tftp command-file to download the file as a list of commands to
the switch.
4. Use the show run or show access-list config command to inspect the switch
configuration to ensure that the ACL was properly downloaded.
If a transport error occurs, the switch does not execute the command and the
ACL is not configured.
IPv4 Access Control Lists (ACLs)
Creating or Editing ACLs Offline
Figure 9-32 callout: Removes an existing ACL and replaces it with a new version with the same identity. To append new ACEs to an existing ACL instead of replacing it, you would omit the first line and ensure that the sequence numbering for the new ACEs begins with a number greater than the highest number in the existing list.
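
The replace-versus-append rule in the Note and the figure callout can be checked on the edited file before it is copied to the switch. The Python script below is an added example, not part of the HP manual; the function name lint_acl_file, the hand-filled "existing" map (taken from show access-list config output) and the 10.30.166.1 entry in the sample append file are assumptions made for illustration.

```python
import re

# Matches 'ip access-list extended "List-120"' and its 'no' form.
HEADER = re.compile(r'^(no\s+)?ip\s+access-list\s+(standard|extended)\s+"?([^"\s]+)"?$')
# Matches a sequence-numbered line such as '20 deny ip ...' or '10 remark "..."'.
ENTRY = re.compile(r'^(\d+)\s+(remark|permit|deny)\b')

def lint_acl_file(text, existing):
    """Check an offline ACL command file before 'copy tftp command-file'.
    existing: {acl_name: highest ACE sequence number now on the switch},
    an assumed input filled in by hand. Returns a list of warning strings."""
    warnings = []
    removed = set()      # ACLs deleted earlier in the file by 'no ip access-list'
    appending_to = None  # ACL whose downloaded ACEs will be appended, if any
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            negated, _kind, name = header.groups()
            appending_to = None
            if negated:
                removed.add(name)
            elif name in existing and name not in removed:
                appending_to = name
                warnings.append(f"{name}: no leading 'no ip access-list', ACEs will be appended")
            continue
        entry = ENTRY.match(line)
        if entry and appending_to and entry.group(2) != "remark":
            seq = int(entry.group(1))
            if seq <= existing[appending_to]:
                warnings.append(f"{appending_to}: ACE {seq} is not above existing maximum {existing[appending_to]}")
    return warnings

# Constructed sample files based on Figure 9-32.
REPLACE_FILE = '''no ip access-list extended List-120
ip access-list extended "List-120"
10 permit tcp 10.30.133.27 0.0.0.0 eq 23 0.0.0.0 255.255.255.255
40 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
'''
APPEND_FILE = '''ip access-list extended "List-120"
30 deny ip 10.30.155.1 0.0.0.255 0.0.0.0 255.255.255.255
50 deny ip 10.30.166.1 0.0.0.255 0.0.0.0 255.255.255.255
exit
'''

if __name__ == "__main__":
    print(lint_acl_file(REPLACE_FILE, {"List-120": 40}), lint_acl_file(APPEND_FILE, {"List-120": 40}))
```

An empty list for the replace file means the leading removal command was found; the append file is flagged once for the missing removal line and once for ACE 30, which is not above the existing maximum of 40.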