HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual page 233

Applying Access Control to Router Interfaces
Using ACLs Alone to Configure Access Control
To deny all ICMP traffic from a specific host, such as host 192.168.1.1, to any
destination, you enter:
ProCurve(config-ext-nacl)# deny icmp host 192.168.1.1 any
To deny ICMP traffic from a range of IP addresses to a specific destination,
enter:
Syntax: deny icmp <A.B.C.D> <wildcard bits> host <A.B.C.D>
Replace the first <A.B.C.D> with the IP address that represents the range of
IP addresses that, in this case, you want to block. For example, you may want
to block IP addresses from 192.168.1.0 /24. Then replace <wildcard bits>
with a reverse logic mask so that the router will check the appropriate part of
the IP address.
For example, if you want to block the entire 192.168.1.0 /24 network, you might
enter the wildcard bits 0.0.0.255. (For more information about wildcard bits,
see Figure 5-3 on page 5-10.)
Replace the second <A.B.C.D> with the IP address for the destination device.
For example, if you want to block all traffic from the 192.168.1.0 /24 network
to the server with the IP address 10.15.1.1, you would replace <A.B.C.D> with
10.15.1.1.
Specifying a Source or Destination Port for TCP and UDP. If you are
configuring ACL entries to select TCP or UDP traffic, you can also specify
source and destination ports—although this is optional. For example, you
could specify the well-known port 80 for HTTP traffic if you wanted to permit
only this type of traffic on this port.
There is a drawback to using a port number, however. The Secure Router OS
will match the type of traffic only on that port. If a device transmits the traffic
you are targeting on another port, the Secure Router OS will not match that
traffic to your ACL.
To view the options available for specifying ports, enter one of the following:
ProCurve(config-ext-nacl)# permit tcp any ?
ProCurve(config-ext-nacl)# deny tcp any ?
ProCurve(config-ext-nacl)# permit udp any ?
ProCurve(config-ext-nacl)# deny udp any ?
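
The following Python sketch is an added example, not code from the manual or from the Secure Router OS. It models how the reverse logic wildcard mask and an optional destination port decide whether a packet matches an entry. The dictionary layout, the function names, and the sample entries and packets are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF  # reverse logic: 0 bits are checked, 1 bits are ignored
    return (a & care) == (b & care)

def entry_matches(entry, pkt):
    """Check one packet against one modelled extended ACL entry."""
    if entry["proto"] != pkt["proto"]:
        return False
    if not wildcard_match(pkt["src"], entry["src"], entry["src_wild"]):
        return False
    if not wildcard_match(pkt["dst"], entry["dst"], entry["dst_wild"]):
        return False
    # The port is optional; when it is set, traffic on any other port does not match.
    port = entry.get("dst_port")
    return port is None or pkt.get("dst_port") == port

# Constructed model of: deny icmp 192.168.1.0 0.0.0.255 host 10.15.1.1
# ("host" is modelled as wildcard 0.0.0.0, so every bit is checked).
DENY_ICMP = {"action": "deny", "proto": "icmp",
             "src": "192.168.1.0", "src_wild": "0.0.0.255",
             "dst": "10.15.1.1", "dst_wild": "0.0.0.0"}

# Constructed model of a TCP permit entry limited to destination port 80
# ("any" is modelled as wildcard 255.255.255.255, so no bit is checked).
PERMIT_HTTP = {"action": "permit", "proto": "tcp",
               "src": "0.0.0.0", "src_wild": "255.255.255.255",
               "dst": "0.0.0.0", "dst_wild": "255.255.255.255",
               "dst_port": 80}

if __name__ == "__main__":
    ping = {"proto": "icmp", "src": "192.168.1.77", "dst": "10.15.1.1"}
    web80 = {"proto": "tcp", "src": "172.16.0.5", "dst": "10.15.1.1", "dst_port": 80}
    web8080 = dict(web80, dst_port=8080)  # same service moved to another port
    for name, entry, pkt in [("icmp from /24", DENY_ICMP, ping),
                             ("http on 80", PERMIT_HTTP, web80),
                             ("http on 8080", PERMIT_HTTP, web8080)]:
        print(f"{name:14} matches {entry['action']} entry: {entry_matches(entry, pkt)}")
```

The last case shows the drawback described above: the same service on port 8080 does not match the port 80 entry, so whatever action that entry carries is not applied to it.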

This manual is also suitable for:

Procurve secure router 7102 dl
