Command Summary For Ipv4 Extended Acls - HP 3500yl Series Access Security Manual

Switch software
Hide thumbs Also See for 3500yl Series:
Table of Contents

Advertisement

IPv4 Access Control Lists (ACLs)
Overview of Options for Applying IPv4 ACLs on the Switch
Action
Command(s)
Create an Extended,
Named ACL
or
Add an ACE to the End
of an Existing,
Extended ACL
Create an Extended,
Numbered ACL
or
Add an ACE to the End
of an Existing,
Numbered ACL
Insert an ACE by
Assigning a Sequence
Number
Delete an ACE by
Specifying Its
Sequence Number
Resequence the ACEs
in an ACL
1
The mask can be in either dotted-decimal notation (such as 0.0.15.255) or CIDR notation (such as /20).
2
TCP flag (control bit) options for destination TCP.
3
The [ log ] function applies only to "deny" ACLs, and generates a message only when there is a "deny" match.
10-6

Command Summary for IPv4 Extended ACLs

HP Switch(config)# ip access-list extended < name-str | 100-199 >
HP Switch(config-std-nacl)# < deny | permit >
< ip | ip-protocol | ip-protocol-nbr >
< any | host <SA > | SA/< mask-length > | SA < mask >>
< any | host < DA > | DA/< mask-length > | DA < mask >>
< tcp | udp >
< any | host <SA > | SA/< mask-length > | SA < mask >>
< any | host <DA > | DA/< mask-length > | DA < mask >>
[established]
[ack] [fin] [rst] [syn]
< igmp >
< any | host <SA > | SA/< mask-length > | SA < mask >>
< any | host < DA > | DA/< mask-length > | DA < mask >>
[ igmp-packet-type ]
< icmp >
< any | host <SA > | SA/< mask-length > | SA < mask >>
< any | host < DA > | DA/< mask-length > | DA < mask >>
[ [< 0 - 255 > [ 0 - 255 ] ] | icmp-message ]
[precedence < priority >]
[tos < tos- setting >]
2
[log]
HP Switch(config)# access-list < 100-199 > < deny | permit >
< ip-options |tcp/udp-options |igmp-options |icmp-options >
[precedence < priority >]
[tos < tos- setting >]
2
[log]
Note:
Uses the same IP, TCP/UDP, IGMP, and ICMP options as shown above for
"Create an Extended, Named ACL".
HP Switch(config)# ip access-list extended < name-str | 100-199 >
HP Switch(config-ext-nacl)# 1-2147483647 < deny | permit >
Uses the options shown above for "Create an Extended, Named ACL".
HP Switch(config)# ip access-list extended < name-str | 100-199 >
HP Switch(config-std-nacl)# no < 1-2147483647 >
HP Switch(config)# ip access-list resequence < name-str | 100-199 >
< 1-2147483647 > < 1-2147483646 >
[comparison-operator < value >]
[comparison-operator < value >]
2
Page
10-61
1
1
1
1
1
1
1
1
10-74
10-88
10-90
10-91

Hide quick links:

Advertisement

Table of Contents
loading

Table of Contents