HP ProCurve 5300xl Series Management Manual page 386

Access Control Lists (ACLs) for the Series 5300xl Switches
Configuring and Assigning an ACL
9-40
< any | host < src-ip-addr > | ip-addr/mask -length >
In an extended ACL, this parameter defines the source IP
address (SA) that a packet must carry in order to have a
match with the ACE.
• any — Specifies all inbound IP packets.
host < src-ip-addr > — Specifies only inbound packets from
•
a single IP address. Use this option when you want to
match only the IP packets from one source IP address.
src-ip-addr/mask-length — Performs the specified action
•
on any IP packet having a source address within the
range defined by either
< src-ip-addr / cidr-mask-bits >
or
< src-ip-addr < mask >>
Use this criterion to filter packets received from either a
subnet or a group of IP addresses. The mask can be in
either dotted-decimal format or CIDR format with the
number of significant bits. Refer to "Using CIDR
Notation To Enter the ACL Mask" on page 9-32.
The mask is applied to the IP address in the ACL to define
which bits in a packet's source IP address must exactly
match the IP address configured in the ACL and which
bits need not match. Note that specifying a group of
contiguous IP addresses may require more than one
ACE. For more on how masks operate in ACLs, refer to
"How an ACE Uses a Mask To Screen Packets for Matches"
on page 9-20.
[operator < src-port tcp/udp-id >]
In an extended ACL where you have selected either tcp or
udp as the packet protocol type (see above), you can option-
ally use a TCP or UDP source port number or range of
numbers to further define the criteria for a match. To
specify a TCP or UDP port number, (1) select a comparison
operator from the following list and (2) enter the port
number or a well-known port name.