Applying Access Control to Router Interfaces
Using ACLs Alone to Configure Access Control
5-12
All of the command options are explained in the sections that follow.
Specify a Protocol. When you configure extended ACLs, you must specify
a protocol. Valid protocols include:
AH (ahp)
ESP (esp)
GRE (gre)
ICMP (icmp)
IP (ip)
TCP (tcp)
UDP (udp)
You can also specify the number of the protocol. Valid numbers include any
number between 0 and 255.
Defining the Source and Destination Addresses. You must configure
both a source and a destination address for each entry. When you create
entries in an extended ACL, remember that you always specify the source
address first, and then you specify the destination address.
To specify a source or destination address, you use the following syntax:
[any | host <A.B.C.D> | hostname <hostname> | <A.B.C.D> <wildcard bits>]
Table 5-4 lists the options you have for specifying both the source address and
the destination address.
Table 5-4.
Options for Specifying Source and Destination Addresses
Option
any
host <A.B.C.D>
hostname <hostname>
<A.B.C.D> <wildcard bits>
For example, if you want to permit all TCP traffic from any source to any
destination, you enter:
ProCurve(config-ext-nacl)# permit tcp any any
Meaning
matches all hosts
specifies a single IP address or a single host
specifies a single host, using its hostname rather than its
IP address
specifies a range of IP addresses