HP ProCurve 6120G/XG Manual page 371

< any | host < src-ip-addr > | ip-addr/mask -length >
In an extended ACL, this parameter defines the source IP
address (SA) that a packet must carry in order to have a
match with the ACE.
• any — Specifies all inbound IP packets.
• host < src-ip-addr > — Specifies only inbound packets from
a single IP address. Use this option when you want to
match only the IP packets from one source IP address
(device).
• src-ip-addr/mask-length — Performs the specified action
on any IP packet having a source address within the
range defined by either
< src-ip-addr / cidr-mask-bits >
or
< src-ip-addr < mask >>
Use this criterion to filter packets received from either a
subnet or a group of IP addresses. The mask can be in
either dotted-decimal format or CIDR format with the
number of significant bits. Refer to "Using CIDR
Notation To Enter the ACL Mask" on page 9-39.
The mask is applied to the IP address in the ACL to define
which bits in a packet's source IP address must exactly
match the IP address configured in the ACL and which
bits need not match. Note that specifying a group of
contiguous IP addresses may require more than one
ACE. For more on how masks operate in ACLs, refer to
"How an ACE Uses a Mask To Screen Packets for Matches"
on page 9-26.
[operator < src-port tcp/udp-id >]
In an extended ACL where you have selected either tcp or
udp as the packet protocol type (see above), you can option­
ally use a TCP or UDP source port number to further define
the criteria for a match. To specify a TCP or UDP port
number, (1) select the eq comparison operator and (2) enter
the port number or a well-known port name.
IPv4 Access Control Lists (ACLs)
Configuring and Assigning an ACL
9-47