Selector; Creating An Acp - HP 7102dl - ProCurve Secure Router Configuration Manual

Applying Access Control to Router Interfaces
Using ACPs to Control Access to Router Interfaces
N o t e
5-36
Each ACP contains an implicit "discard all" at the end. Packets are discarded
if they do not match any ACL listed in the ACP.
This chapter explains how to create entries that allow or discard packets. For
information about NAT, see Chapter 6: Configuring Network Address
Translation.

Selector

For the selector, you specify one of the ACLs that you have already configured.
If a packet matches a permit entry, the Secure Router OS firewall takes the
action specified in the ACP entry (allow, discard, or NAT). If a packet matches
a deny entry, the Secure Router OS firewall selects the packet but does not
take the action specified by the ACL. Instead, it stops processing the ACL and
attempts to match the packet to the ACL specified in the next entry in the ACP.
ACPs use ACLs in much the same way that NAT or crypto maps use ACLs on
a Cisco router.

Creating an ACP

To create an ACP, you enter the following command from the global configu-
ration mode context:
Syntax: ip policy-class <policyname> [max-sessions <number>]
Replace <policyname> with a unique name that is a maximum of 255
alphanumeric characters. Include the optional max-sessions keyword if you
want to limit the number of sessions that can be created for packets matching
this ACP. For the ProCurve Secure Router 7102dl, you can specify a number
between 1 and 4000. For the ProCurve Secure Router 7203dl, you can specify
a number between 1 and 30000.
For example, to create an ACP called WAN, you would enter:
ProCurve(config)# ip policy-class WAN
The ip policy-class command moves you to the policy class configuration
mode context and creates an empty ACP.