HP E3800-24G-PoE+-2SFP+ Access Security Manual page 495

HP Switch(config)# ip access-list extended NO-TELNET
HP Switch(config-ext-nacl)# remark "DENY 10.10.10.3 TELNET TRAFFIC IN"
HP Switch(config-ext-nacl)# deny tcp host 10.10.10.3 any eq telnet log
HP Switch(config-ext-nacl)# permit ip any any
HP Switch(config-ext-nacl)# exit
HP Switch(config)# vlan 10 ip access-group NO-TELNET in
HP Switch(config)# logging 10.10.20.3
HP Switch(config)# logging facility syslog
HP Switch(config)# debug destination logging
HP Switch(config)# debug destination session
HP Switch(config)# debug acl
HP Switch(config)# write mem
HP Switch(config)# show debug
Debug Logging
Destination:
Logging --
10.10.20.3
Facility = syslog
Session
Enabled debug types:
event
acl log
HP Switch(config)# show access-list config
ip access-list extended "NO-TELNET"
10 remark "DENY 10.10.10.3 TELNET TRAFFIC"
10 deny tcp 10.10.10.5 0.0.0.0 0.0.0.0 255.255.255.255 eq 23 log
20 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
Figure 10-45. Commands for Applying an ACL with Logging to Figure 10-44
IPv4 Access Control Lists (ACLs)
Enable ACL "Deny" Logging
Assigns the ACL named "NO-TELNET" as
an RACL to filter routed Telnet traffic from
10.10.10.3 entering the switch on VLAN 10.
10-115