HP 3500yl Series Access Security Manual page 459
Switch software
Hide thumbs
Also See for 3500yl Series:
- Release notes (219 pages) ,
- Specifications (16 pages) ,
- Features (6 pages)
Table of Contents
Advertisement
Table 10-3. Example of Using an IPv4 Address and Mask in an Access Control Entry
Address in the ACE
A: 10.38.252.195
0.0.0.255
B: 10.38.252.195
0.0.7.255
C: 10.38.252.195
0.0.0.0
D: 10.38.252.195
0.15.255.255 Exact match in the first octet
Examples Allowing Multiple IPv4 Addresses. Table 10-3 provides exam-
ples of how to apply masks to meet various filtering requirements.
Mask
Policy for a Match Between a
Packet and the ACE
Exact match in first three
octets only.
Exact match in the first two
octets and the leftmost five bits
(248) of the third octet.
Exact match in all octets.
and the leftmost four bits of the
second octet.
Table 10-4. Mask Effect on Selected Octets of the IPv4 Addresses in Table 10-3
Addr Octet
Mask
A
3
0
all bits
B
3
7
last 3 bits
C
4
0
all bits
D
2
15
last 4 bits
Shaded areas indicate bit settings that must be an exact match.
If there is a match between the policy in the ACE and the IPv4 address in a
packet, then the packet is either permitted or denied, according to how the
ACE is configured. If there is not a match, the next ACE in the ACL is then
applied to the packet. The same operation applies to a destination IPv4
address (DA) used in an extended ACE. (Where an ACE includes both source
and destination addresses, there is one address/ACL-mask pair for the source
address, and another address/ACL-mask pair for the destination address. See
"Configuring and Assigning an IPv4 ACL" on page 10-40.)
Allowed Addresses
10.38.252.< 0-255 >
(See row A in table 10-4, below.)
10.38.< 248-255 >.< 0-255 >
(In the third octet, only the rightmost three bits are
wildcard bits. The leftmost five bits must be a
match, and in the ACE, these bits are all set to 1. See
row B in table 10-4, below.)
10.38.252.195
(There are no wildcard bits in any of the octets. See
row C in table 10-4, below.)
10.< 32-47 >.< 0-255 >.<0-255>
(In the second octet, the rightmost four bits are
wildcard bits. See row D in table 10-4, below.)
Octet
128
64
32
Range
252
1
1
1
248-255
1
1
1
195
1
1
0
32-47
0
0
1
IPv4 Access Control Lists (ACLs)
Planning an ACL Application
16
8
4
2
1
1
1
0
1
1
0 or 1 0 or 1 0 or 1
0
0
0
1
0
0 or 1 0 or 1
0 or 1 0 or 1
1
0
1
10-39
Hide quick links:
Advertisement
Chapters
Table of Contents
