Acp Action Summary - HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual

However, the action specified in the ACL is deny, and when an ACL is part of
an ACP, deny means do not take the action specified in the ACP.
The allow list MatchAll entry is the last in the ACP. Because each ACP
includes an implicit "discard all" at the end of the list, the Secure Router OS
discards the packet from 10.10.10.1.
Server
192.168.1.10
Router A
Core Switch
• Packet matches
deny tcp 10.10.10.0 0.0.0.255
entry in the ACL MatchAll
• Deny means the packet is
selected, but the specified
action is not taken.
• Implicit "discard all" at the
end of list means this packet
is discarded.
Figure 5-10. Processing ACPs

ACP Action Summary

Table 5-10 outlines the actions that the Secure Router OS firewall takes, based
on the entries configured in the ACL and the ACP.
Applying Access Control to Router Interfaces
Using ACPs to Control Access to Router Interfaces
PPP 1
Router B
interface ppp 1
access-policy WAN
ip policy-class WAN
allow list Web
1
discard list Host
3
allow list MatchAll
6
ip access-list extended Web
permit tcp any host 172.16.1.10 eq www
2
ip access-list standard Host
permit 192.168.115.1
4
permit 192.168.5.1
5
ip access-list standard MatchAll
permit tcp 192.168.115.0 0.0.0.255
7
deny tcp 10.10.10.0 0.0.0.255
8
user sends
request to server
192.168.1.10
10.10.10.1
5-41