Applying Access Control to Router Interfaces
Using ACLs Alone to Configure Access Control
[Figure 5-2 diagram labels: Server, Edge Switch, Core Switch, Router, LAN. Callout: Extended ACL is applied to the PPP 1 interface.]
Figure 5-2. With Extended ACLs, the ProCurve Secure Router Checks Both the
Source and the Destination Address and, Optionally, the Protocol and
the Port
Creating an ACL
To create an ACL, you enter the ip access-list command from the global
configuration mode context:
Syntax: ip access-list [standard | extended] <listname>
Enter either the standard or extended option, depending on the type of ACL
you are configuring, and replace <listname> with an alphanumeric descriptor
that is meaningful to you. The listname is case sensitive.
Creating a Standard ACL
To create a standard ACL, enter:
ProCurve(config)# ip access-list standard <listname>
After you enter this command, you are moved to the standard ACL configuration
mode context, as shown below:
ProCurve(config-std-nacl)#
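Because the listname is case sensitive, two names that differ only in capitalization create two separate ACLs. The following script is an added example, not part of the original manual: it reviews a saved list of ip access-list commands for that mistake and for a mistyped standard/extended keyword. The function name and the sample list names are made up for illustration.

```python
import re
from collections import defaultdict

# Matches the command form given above:
#   ip access-list [standard | extended] <listname>
# An optional CLI prompt such as "ProCurve(config)# " is tolerated in front.
ACL_DEF = re.compile(r"^(?:\S+#\s*)?ip access-list\s+(\S+)\s+(\S+)\s*$")


def lint_acl_definitions(config_text):
    """Return a sorted list of findings for ACL definition lines."""
    findings = []
    by_folded = defaultdict(set)  # lower-cased name -> exact spellings seen
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = ACL_DEF.match(line.strip())
        if not m:
            continue  # not an ACL definition line
        acl_type, name = m.groups()
        if acl_type not in ("standard", "extended"):
            findings.append(f"line {lineno}: unknown ACL type '{acl_type}'")
            continue
        by_folded[name.lower()].add(name)
    # Names that collide once case is ignored are distinct ACLs to the router.
    for spellings in by_folded.values():
        if len(spellings) > 1:
            findings.append(
                "names differ only by case: " + ", ".join(sorted(spellings))
            )
    return sorted(findings)


# Constructed sample input (hypothetical list names, not from the manual).
SAMPLE = """\
ProCurve(config)# ip access-list standard Trusted
ip access-list extended WebOnly
ip access-list standard trusted
ip access-list extnded Mgmt
"""

if __name__ == "__main__":
    for finding in lint_acl_definitions(SAMPLE):
        print(finding)
```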
[Figure 5-2 callouts: Is this source address permitted or denied? Is this destination address permitted or denied? Is this protocol and port permitted or denied? Labels: LAN, Internet, User.]