HP ProCurve 6120G/XG Manual page 355
Hp procurve series 6120 blade switches access security guide
Hide thumbs
Also See for ProCurve 6120G/XG:
- Configuration manual (662 pages) ,
- Manual (469 pages) ,
- Management manual (222 pages)
Table of Contents
Advertisement
.
ip access-list standard Fileserver
permit 10.28.252.117
ACE
exit
Inbound Packet "A" On Port 20
– Destination Address: 10.35.248.184
– Source Address: 10.28.252.117
Inbound Packet "B" On Port 20
– Destination Address: 10.35.248.184
– Source Address: 10.28.252.120
Figure 9-7. Example of an ACL with an Access Control Entry (ACE) that Allows Only One Source IP Address
Examples Allowing Multiple IP Addresses. Table 9-4 provides examples
of how to apply masks to meet various filtering requirements.
Table 9-4.
Example of Using an IP Address and Mask in an Access Control Entry
IP Address in the ACE
Mask
A: 10.38.252.195
0.0.0.255
B: 10.38.252.195
0.0.7.255
C: 10.38.252.195
0.0.0.0
D: 10.38.252.195
0.15.255.255 Exact match in the first octet
Traffic Management and Improved Network Performance
This ACL (a standard ACL named "Fileserver") includes an ACE (Access Control Entry)
that permits matches only with the packets received from IP address 10.28.252.117
(the SA). Packets from any other source do not match and are denied.
0.0.0.0
Policy for a Match Between a
Packet and the ACE
Exact match in first three
octets only.
Exact match in the first two
octets and the leftmost five bits
(248) of the third octet.
Exact match in all octets.
and the leftmost four bits of the
second octet.
IPv4 Access Control Lists (ACLs)
Source IP Address (SA)
Mask (All zeros mean that a match occurs
only when an IP packet's source address is
identical to the source address configured
in the ACE.
The port permits packet "A" because
its source IP address matches the
source address in the ACE.
The port denies (drops) packet "B"
because its source IP address does
not match the source address in the
ACE.
Allowed IP Addresses
10.38.252.< 0-255 >
(See row A in table 9-5, below.)
10.38.< 248-255 >.< 0-255 >
(In the third octet, only the rightmost three bits are
wildcard bits. The leftmost five bits must be a
match, and in the ACE, these bits are all set to 1. See
row B in table 9-5, below.)
10.38.252.195
(There are no wildcard bits in any of the octets. See
row C in table 9-5, below.)
10.< 32-47 >.< 0-255 >.<0-255>
(In the second octet, the rightmost four bits are
wildcard bits. See row D in table 9-5, below.)
9-31
Hide quick links:
Advertisement
Table of Contents
