HP ProCurve 6120G/XG Manual page 360
Hp procurve series 6120 blade switches access security guide
Hide thumbs
Also See for ProCurve 6120G/XG:
- Configuration manual (662 pages) ,
- Manual (469 pages) ,
- Management manual (222 pages)
Table of Contents
Advertisement
IPv4 Access Control Lists (ACLs)
Configuring and Assigning an ACL
ip access-list < type > "< name-str | 100-199 >"< permit | deny > ip
< source-ip-address > < source-acl-mask >
< destination-ip-address > < destination-acl-mask > [log]
< permit | deny > tcp
< source-ip-address > < source-acl-mask > [< operator > < port-id >]
< destination-ip-address > < destination-acl-mask > [< operator > < port-id >]
[log]
< permit | deny > udp
< source-ip-address > < source-acl-mask > [< operator > < port-id >]
< destination-ip-address > < destination-acl-mask > [< operator > < port-id >]
[log]
. . .
exit
Figure 9-10. General Structure for an Extended ACL
For example, figure 9-11 shows how to interpret the entries in an extended
ACL.
Protocol Types
Source IP Addresses and
End-of-List
Marker
Upper entry denies certain
UDP packets from a single
host. Lower entry denies all
ACE Action
UDP packets from all hosts.
(permit or deny)
Figure 9-11. Example of a Displayed Extended ACL Configuration
9-36
ACL List Heading with
List Type and ID String
(Name or Number)
Optional Source UDP or
Masks.
TCP Operator and Port
Number
In this case, the ACL
specifies UDP port 69
packets coming from the
source IP address.
Note: The optional log
function appears only
with "deny" aces.
Specifies all destination
IP addresses.
Denies TCP
traffic to any
destination
Destination IP
Optional Destination
UDP or TCP Operator
Address and Mask
and Port Numbers
In this case, the ACL
specifies UDP port
number 3690.
Port 80
from any
source.
Hide quick links:
Advertisement
Table of Contents
