Displaying Acps - HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual
Secure router
Hide thumbs
Also See for ProCurve Secure Router 7203 dl:
- Configuration manual (1114 pages) ,
- Reference manual (1455 pages) ,
- Product end-of-life disassembly instructions (2 pages)
Table of Contents
Advertisement
You can use this information to review the ACLs that are configured and to
ensure that they are configured correctly.
Displaying ACPs
To view all of the ACPs that are configured on the ProCurve Secure Router,
move to the enable mode context and enter:
Syntax: show ip policy-class
If you are in any other mode context (except the basic mode context), you
can enter:
Syntax: do show ip policy-class
As Figure 5-17 shows, entries for each ACP are displayed in order so you can
determine whether you need to reconfigure the policy. When an ACP is not
enforcing your policies in the way you expected, you may have entered
commands in the wrong order.
ProCurve# show ip policy-class
Policy-class "Inside":
Entry 1 - allow list MatchAll
Policy-class "Outside":
Entry 1 - allow list Region
Entry 2 - allow list InWeb
Entry 3 - discard list MatchAll
Figure 5-17.
Displaying All the ACPs Configured on the Router
For example, in Figure 5-17 the "allow list Region" entry is entered before the
"discard list MatchAll." If the "discard list MatchAll" was the first entry and
the ACL MatchALL included the entry "permit any," the Secure Router OS
would process that entry first and discard all traffic entering the interface.
Because the "allow list Region" and the "allow list InWeb" entries are listed
first, however, the Secure Router OS will process those entries first and allow
any traffic that matches permit entries in these ACLs.
If traffic does not match the "allow list Region" and the "allow list InWeb"
entries, it will match the "discard list MatchAll" and be blocked.
Applying Access Control to Router Interfaces
Viewing ACLs and ACPs
5-51
Advertisement
Chapters
Table of Contents
Troubleshooting
