HP 7102dl - ProCurve Secure Router Configuration Manual page 244

Applying Access Control to Router Interfaces
Using ACLs Alone to Configure Access Control
5-12
Replace <listname> with an alphanumeric descriptor that is meaningful to
you. The name is case sensitive.
After you enter this command, you are moved to the extended ACL configu-
ration mode context, as shown below:
ProCurve(config-ext-nacl)#
Permit or Deny Traffic. You can now begin to enter permit and deny
entries. The ACL is empty until you add these entries.
To create permit and deny entries for extended ACLs, you use the following
command syntax:
Syntax: [permit | deny] <protocol> <source address> <source port> <destination
address> <destination port> [<packet bits>] [log | log-input]
You must specify a <protocol>, <source address>, and <destination
address>. However, the following are optional:
<source port> for TCP or UDP traffic
<destination port> for TCP or UDP traffic
<packet bits>
[log | log-input]
All of the command options are explained in the sections that follow.
Specify a Protocol. When you configure extended ACLs, you must specify
a protocol. Valid protocols include:
AH (ahp)
ESP (esp)
GRE (gre)
ICMP (icmp)
IP (ip)
TCP (tcp)
UDP (udp)
You can also specify the number of the protocol. Valid numbers include any
number between 0 and 255.
Defining the Source and Destination Addresses. You must configure
both a source and a destination address for each entry. When you create
entries in an extended ACL, remember that you always specify the source
address first, and then you specify the destination address.