Configuring Acps - HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual

Applying Access Control to Router Interfaces
Quick Start
N o t e
5-60
To deny all ICMP traffic from a specific host, such as host
192.168.115.90, to any destination, enter:
ProCurve(config-ext-nacl)# deny icmp host 192.168.115.90 any
To deny ICMP traffic from a range of IP addresses to a specific
destination, enter:
ProCurve(config-ext-nacl)# deny icmp <A.B.C.D> <wildcard bits> host
<A.B.C.D>
The entries are processed in the order in which you enter them. In addition,
each ACL contains an implicit "deny any" entry at the end of the list. If you do
not create an entry to allow a specific type of traffic, it will be denied.
3. After configuring the entries for the ACL, enter:
Syntax: exit
4. To apply the ACL to an interface, move to the configuration mode context
for that interface.
ProCurve(config)# interface <interface> <number>
Valid interfaces include PPP interfaces, Frame Relay subinterfaces, ATM
subinterfaces, HDLC interfaces, Ethernet interfaces, and demand inter-
faces. (If you have enabled support for virtual LANs [VLANs], you must
apply the ACL to an Ethernet subinterface.)
5. Apply the ACL to the interface by entering the following command from
the appropriate interface configuration mode context:
Syntax: ip access-group <listname> [in | out]
For example, if you want to apply the Inside ACL to the Ethernet 0/1
interface to control traffic incoming from the LAN to the WAN, enter:
ProCurve(config-eth 0/1)# ip access-group Inside out
For more information about using ACLs alone to control access to a router
interface, read the detailed explanation in this chapter.

Configuring ACPs

When you configure ACPs, you use ACLs to select the traffic. However, the
ACP, rather than the ACL, dictates the action that the ProCurve Secure
Router takes.