ProCurve 2610 Manual page 273

• IP-addr / mask-length — Performs the specified action on
any IP packet having a source address within the range
defined by either
< src-ip-addr / cidr-mask-bits >
or
< src-ip-addr < mask >>
Use this criterion to filter packets received from either a
subnet or a group of contiguous IP addresses. The mask
can be in either dotted-decimal format or CIDR format
with the number of significant bits. Refer to "Using CIDR
Notation To Enter the ACL Mask" on page 9-38.
The mask is applied to the IP address in the ACL to define
which bits in a packet's source IP address must exactly
match the IP address configured in the ACL and which
bits need not match. Note that specifying a group of
contiguous IP addresses may require more than one
ACE. For more on how masks operate in ACLs, refer to
"How an ACE Uses a Mask To Screen Packets for Matches"
on page 9-25.
[ log]
Optionally generates an ACL log message if:
•
• There is a match.
• ACL logging is enabled on the switch. (Refer to
(Use the debug command to direct ACL logging output to
the current console session and/or to a Syslog server. Note
that you must also use the logging < ip-addr > command to
specify the IP addresses of Syslog servers to which you want
log messages sent. See also "Enable ACL "Deny" Logging"
on page 9-67.)
Syntax: interface < port-list | trunk > access-group < ASCII-STR > in
Assigns an ACL, designated by an ACL ID (<
to an interface ( list of one or more ports and/or one or more
static trunks).
T he action is deny.
"Enable ACL "Deny" Logging" on page 9-67.)
Access Control Lists (ACLs)
Configuring and Assigning an ACL
ASCII-STR >),
9-41