HP ProCurve 5300xl Series Management Manual page 455

Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches
The mask is applied to the IP address in the ACL to define
which bits in a packet's source IP address must exactly
match the IP address configured in the ACL and which
bits need not match. Note that specifying a group of
contiguous IP addresses may require more than one
ACE. For more on how masks operate in ACLs, refer to
"How an ACE Uses a Mask To Screen Packets for Matches"
on page 10-30.
[ log]
Optionally generates an ACL log message if:
•
•
• ACL logging is enabled on the switch. (Refer to
(Use the debug command to direct ACL logging output to
the current console session and/or to a Syslog server. Note
that you must also use the logging < ip-addr > command to
specify the IP addresses of Syslog servers to which you want
log messages sent. See also "Enable ACL "Deny" Logging"
on page 10-71.)
Syntax: interface < port-list | trunk > access-group < ASCII-STR > in
Assigns an ACL, designated by an ACL ID (<
to an interface ( list of one or more ports and/or one or more
static trunks).
Example of a Standard ACL. Suppose you wanted to configure a standard
ACL and assign it to filter inbound traffic on port 10 in a particular switch:
The ID you selected for this ACL is "50".
■
You want the ACL to deny IP traffic from all hosts except these three:
■
• 10.128.100.10
• 10.128.100.27
• 10.128.100.14
The action is deny.
There is a match.
"Enable ACL "Deny" Logging" on page 10-71.)
Configuring and Assigning an ACL
ASCII-STR >),
10-45