Types Of Acls - HP 7102dl - ProCurve Secure Router Configuration Manual

N o t e
For example, an ACL could include entries such as:
deny host 192.168.115.91
deny host 192.168.44.53
permit 192.168.115.0 0.0.0.255
permit 192.168.44.0 0.0.0.255
The first two entries deny access to the devices with the IP addresses
192.168.115.91 and 192.168.44.53. The last two entries permit access to two
subnets: 192.168.115.0 /24 and 192.168.44.0 /24.

Types of ACLs

The ProCurve Secure Router supports two types of ACLs:
standard
extended
The ProCurve Secure Router supports "named" ACLs. That is, when you
configure a standard or an extended ACL, you assign it a unique name.
A standard ACL matches only one packet pattern: the source IP address. An
extended ACL matches more complex packet patterns:
source address and destination address
IP protocols
TCP and UDP ports
You should create a standard ACL if you want to select traffic based only on
the source IP address. (See Figure 5-1.) If you want to select traffic based on
other fields in the IP, TCP, or UDP header or if you want the Secure Router OS
to filter traffic based on the both the source and destination IP addresses, you
must create an extended ACL. (See Figure 5-2.)
Applying Access Control to Router Interfaces
Using ACLs Alone to Configure Access Control
5-7