HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual page 282

Applying Access Control to Router Interfaces
Quick Start
5-62
To configure an ACL and apply it to an ACP, complete the following steps:
1. Create the ACL. From the global configuration mode context, enter:
Syntax: ip access-list [standard |extended] <listname>
For example, to create an extended ACL, enter:
ProCurve(config)# ip access-list extended Inside
2. From the ACL configuration mode context, configure permit or deny
entries.
a. If you are configuring a standard ACL, enter:
Syntax: [permit | deny] [any | host {<A.B.C.D> | <hostname>} | <A.B.C.D>
<wildcard bits>]
For example, to select any packet, enter:
ProCurve(config-std-nacl)# permit any
To select a specific host, enter:
ProCurve(config-std-nacl)# permit host 192.168.115.90
To exclude a specific host from the action that you will specify in the
ACP, enter:
ProCurve(config-std-nacl)# deny host 192.168.115.90
b. If you are configuring an extended ACL, enter:
Syntax: permit | deny <protocol> <source address> <source port> <destina-
tion address> <destination port>
Replace <protocol> with one of the following:
– AHP
– ESP
– GRE
– ICMP
– IP
– TCP
– UDP
To specify a source or destination address, use the following syntax:
Syntax: any | host <A.B.C.D> | hostname <hostname> | <A.B.C.D> <wildcard bits>
For example, if you want to select TCP traffic from any source to any
destination, enter:
ProCurve(config-ext-nacl)# permit tcp any any