HP 3500yl Series Access Security Manual page 531

Switch software

HP Switch(config)# show run
. . .
ip access-list extended "LIST-20-IN"
10 remark "THIS ACE APPLIES INBOUND ON VLAN 20"
10 permit tcp 0.0.0.0 255.255.255.255 10.10.20.98 0.0.0.0 eq 80
20 permit tcp 0.0.0.0 255.255.255.255 10.10.20.21 0.0.0.0 eq 80
30 deny tcp 0.0.0.0 255.255.255.255 10.10.20.1 0.0.0.255 eq 80
40 deny tcp 10.10.20.17 0.0.0.0 10.10.10.100 0.0.0.0 eq 23 log
50 deny tcp 10.10.20.23 0.0.0.0 10.10.10.100 0.0.0.0 eq 23 log
60 deny tcp 10.10.20.40 0.0.0.0 10.10.10.100 0.0.0.0 eq 23 log
70 permit ip 10.10.20.1 0.0.0.255 10.10.10.100 0.0.0.0
80 remark "VLAN 30 POLICY."
80 deny ip 10.10.30.1 0.0.0.255 10.10.10.100 0.0.0.0
90 permit ip 10.10.30.1 0.0.0.255 10.10.10.1 0.0.0.255
exit
. . .
vlan 20
name "VLAN20"
no ip address
ip access-group "LIST-20-in" in
exit
Figure 10-42. Example of Verifying the .txt File Download to the Switch
5. If the configuration appears satisfactory, save it to the startup-config file:
HP Switch(config)# write memory
IPv4 Access Control Lists (ACLs)
Creating or Editing ACLs Offline
Note that the comments preceded by " ; " in the .txt source file for this configuration do not appear in the ACL configured in the switch.
As a part of the instruction set included in the .txt file, the ACL is assigned to inbound IPv4 traffic on VLAN 20.
10-111
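
When reviewing the downloaded ACL before running write memory, it helps to confirm which ACE a given packet actually hits. The following Python code is an added example, not part of the HP manual: it evaluates the ACEs from Figure 10-42 in sequence order using wildcard masks and first-match semantics. The function names and test packets are assumptions made here, and the final implicit deny reflects standard ACL behaviour that this page does not show.

```python
import ipaddress

# ACE and remark lines copied from the LIST-20-IN listing in Figure 10-42.
ACL_TEXT = """
10 remark "THIS ACE APPLIES INBOUND ON VLAN 20"
10 permit tcp 0.0.0.0 255.255.255.255 10.10.20.98 0.0.0.0 eq 80
20 permit tcp 0.0.0.0 255.255.255.255 10.10.20.21 0.0.0.0 eq 80
30 deny tcp 0.0.0.0 255.255.255.255 10.10.20.1 0.0.0.255 eq 80
40 deny tcp 10.10.20.17 0.0.0.0 10.10.10.100 0.0.0.0 eq 23 log
50 deny tcp 10.10.20.23 0.0.0.0 10.10.10.100 0.0.0.0 eq 23 log
60 deny tcp 10.10.20.40 0.0.0.0 10.10.10.100 0.0.0.0 eq 23 log
70 permit ip 10.10.20.1 0.0.0.255 10.10.10.100 0.0.0.0
80 remark "VLAN 30 POLICY."
80 deny ip 10.10.30.1 0.0.0.255 10.10.10.100 0.0.0.0
90 permit ip 10.10.30.1 0.0.0.255 10.10.10.1 0.0.0.255
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wild_match(addr, base, wildcard):
    # Wildcard mask: a 1 bit is ignored, a 0 bit must match the base address.
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def parse_acl(text):
    """Parse ACE lines into dicts; remark lines carry no match criteria."""
    aces = []
    for line in text.strip().splitlines():
        t = line.split()
        if t[1] == "remark":
            continue
        port = int(t[t.index("eq") + 1]) if "eq" in t else None
        aces.append({"seq": int(t[0]), "action": t[1], "proto": t[2],
                     "src": (t[3], t[4]), "dst": (t[5], t[6]), "port": port})
    return aces

def evaluate(aces, proto, src, dst, dport=None):
    """Return (sequence number, action) of the first ACE the packet matches."""
    for a in sorted(aces, key=lambda a: a["seq"]):
        if (a["proto"] in ("ip", proto)
                and wild_match(src, *a["src"])
                and wild_match(dst, *a["dst"])
                and a["port"] in (None, dport)):
            return a["seq"], a["action"]
    return None, "deny"  # no ACE matched: implicit deny (assumed, see lead-in)

if __name__ == "__main__":  # constructed packet: Telnet from 10.10.20.18
    print(evaluate(parse_acl(ACL_TEXT), "tcp", "10.10.20.18", "10.10.10.100", 23))
```

The constructed Telnet packet from 10.10.20.18 passes ACEs 40 through 60, which name other hosts, and is permitted by ACE 70.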
