HP 7102dl - ProCurve Secure Router Configuration Manual page 296

Applying Access Control to Router Interfaces
Quick Start
N o t e
5-64
When an ACL is used in conjunction with an ACP, a permit entry means that
the traffic defined by the packet pattern is selected for the action specified in
the ACP. A deny entry, on the other hand, means that the traffic is excluded
from the action specified in the ACP. If the ProCurve Secure Router detects
traffic that matches a deny entry in the ACL, it does not take the action
specified in the ACP entry. Instead, the router stops processing the ACL and
the related entry in the ACP and moves to the next entry in the ACP. For more
information about matching traffic to ACLs in ACPs, see "Processing ACPs"
on page 5-39.
ACPs support three types of actions:
allow traffic selected by the ACL
discard traffic selected by the ACL
manipulate traffic selected by the ACL for NAT
This chapter focuses on creating ACPs to allow or discard traffic that is
selected by the ACL. NAT is discussed in Chapter 6: Configuring Network
Address Translation.
Remember that you must enable the Secure Router OS firewall before the
ACPs that you apply to interfaces can take effect.
To configure an ACL and apply it to an ACP, complete the following steps:
1. Create the ACL. From the global configuration mode context, enter:
Syntax: ip access-list [standard |extended] <listname>
For example, to create an extended ACL, enter:
ProCurve(config)# ip access-list extended Inside
2. From the ACL configuration mode context, configure permit or deny
entries.
a. If you are configuring a standard ACL, enter:
Syntax: [permit | deny] [any | host {<A.B.C.D> | <hostname>} | <A.B.C.D>
<wildcard bits>]
For example, to select any packet, enter:
ProCurve(config-std-nacl)# permit any
To select a specific host, enter:
ProCurve(config-std-nacl)# permit host 192.168.115.90