Action                            Command
Deleting an ACL from the Switch   ProCurve(config)# no ip access-list < standard < name-str | 1-99 >>
                                  ProCurve(config)# no ip access-list < extended < name-str | 100-199 >>
Displaying ACL Data               ProCurve(config)# show access-list
                                  ProCurve(config)# show access-list [ acl-name-string ]
                                  ProCurve(config)# show access-list config
                                  ProCurve(config)# show access-list ports < port-list >
                                  ProCurve(config)# show access-list radius
                                  ProCurve(config)# show access-list resources
                                  ProCurve(config)# show access-list vlan
                                  ProCurve(config)# show config
                                  ProCurve(config)# show running
1. The mask can be in either dotted-decimal notation (such as 0.0.15.255) or CIDR notation (such as /20).
2. The [log] function applies only to "deny" ACLs, and generates a message only when there is a "deny" match.
Terminology
Access Control Entry (ACE): An ACE is a policy consisting of criteria and
an action to take (permit or deny) on a packet if it meets the criteria. The
elements composing the criteria include:
• Source IP address and mask (standard and extended ACLs)
• Destination IP address and mask (extended ACLs only)
• TCP or UDP application port numbers (optional, extended ACLs only)

Access Control List (ACL): A list (or set) consisting of one or more
explicitly configured Access Control Entries (ACEs) and terminating with
an implicit "deny" default which drops any packets that do not have a
match with any explicit ACE in the named ACL. The two classes of ACLs
are "standard" and "extended". See "Standard ACL" and "Extended ACL".

ACE: See "Access Control Entry".

ACL: See "Access Control List".
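The ACE and ACL definitions and the two footnotes, modelled as an added Python example that is not part of the manual: it shows that 0.0.15.255 and /20 describe the same match, that a packet matching no explicit ACE falls to the implicit "deny", and that a log message is produced only on a "deny" match. The names `parse_mask`, `addr_matches`, `evaluate` and `SAMPLE_ACL` are hypothetical, the addresses are constructed, and the model assumes ACEs are checked in order with the first match deciding.

```python
import ipaddress

def parse_mask(mask):
    """Return the ACL mask as an int from '0.0.15.255' or '/20' notation."""
    if mask.startswith("/"):
        prefix = int(mask[1:])
        return (1 << (32 - prefix)) - 1          # /20 -> 0.0.15.255
    return int(ipaddress.IPv4Address(mask))

def addr_matches(packet_ip, ace_ip, mask):
    """Bits set in the mask are ignored; every other bit must be equal."""
    care = ~parse_mask(mask) & 0xFFFFFFFF
    packet = int(ipaddress.IPv4Address(packet_ip))
    wanted = int(ipaddress.IPv4Address(ace_ip))
    return (packet & care) == (wanted & care)

def evaluate(acl, src, dst=None, proto=None, dport=None):
    """Return (action, log_line) for one packet against an ordered list of ACEs."""
    for ace in acl:
        if not addr_matches(src, ace["src"], ace["src_mask"]):
            continue
        # Destination and port criteria exist only in extended ACEs.
        if "dst" in ace and not (dst and addr_matches(dst, ace["dst"], ace["dst_mask"])):
            continue
        if "proto" in ace and ace["proto"] != proto:
            continue
        if "dport" in ace and ace["dport"] != dport:
            continue
        log = None
        if ace["action"] == "deny" and ace.get("log"):   # footnote 2: deny matches only
            log = f"ACL deny: {src} -> {dst}"
        return ace["action"], log
    # Implicit deny: no explicit ACE matched, so no ACE-level log option applies.
    return "deny", None

# Constructed sample ACL; both ACEs cover 10.10.16.0 - 10.10.31.255.
SAMPLE_ACL = [
    {"action": "deny", "src": "10.10.16.0", "src_mask": "0.0.15.255",
     "dst": "192.0.2.10", "dst_mask": "0.0.0.0", "proto": "tcp", "dport": 23,
     "log": True},
    {"action": "permit", "src": "10.10.16.0", "src_mask": "/20", "log": True},
]
```

A source such as 10.10.32.1 sits just outside the /20 range, so it is dropped by the implicit deny without a log line.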
IPv4 Access Control Lists (ACLs)