HP ProCurve 6120G/XG Manual page 353
Hp procurve series 6120 blade switches access security guide
Hide thumbs
Also See for ProCurve 6120G/XG:
- Configuration manual (662 pages) ,
- Manual (469 pages) ,
- Management manual (222 pages)
Table of Contents
Advertisement
■
Every IP address and mask pair (source or destination) used in an
ACE creates one of the following policies:
•
Any IP address fits the matching criteria. In this case, the switch
automatically enters the IP address and mask in the ACE. For exam
ple:
access-list 1 deny any
produces this policy in an ACL listing:
IP Address
0.0.0.0
This policy states that every bit in every octet of a packet's SA is a
wildcard, which covers any IP address.
•
One IP address fits the matching criteria. In this case, you provide
the IP address and the switch provides the mask. For example:
access-list 1 permit host 18.28.100.15
produces this policy in an ACL listing:
IP Address
18.28.100.15
This policy states that every bit in every octet of a packet's SA must
be the same as the corresponding bit in the SA defined in the ACE.
•
A group of IP addresses fits the matching criteria. In this case
you provide both the IP address and the mask. For example:
access-list 1 permit 18.28.32.1 0.0.0.31
IP Address
18.28.32.1
This policy states that:
–
In the first three octets of a packet's SA, every bit must be set the
same as the corresponding bit in the SA defined in the ACE.
–
In the last octet of a packet's SA, the first three bits must be the
same as in the ACE, but the last five bits are wildcards and can
be any value.
Unlike subnet masks, the wildcard bits in an ACL mask need not be
■
contiguous. For example, 0.0.7.31 is a valid ACL mask. However, a
subnet mask of 255.255.248.224 is not a valid subnet mask.
IPv4 Access Control Lists (ACLs)
Traffic Management and Improved Network Performance
Mask
255.255.255.255
Mask
0.0.0.0
Mask
0.0.0.31
9-29
Hide quick links:
Advertisement
Table of Contents
