Access Security Guide K/KA/KB.15.15

1. Create and/or enter the context of a named, extended ACL.
2. Enter the first ACE in a new, extended ACL or append an ACE to the end of an existing, extended ACL.
The following command is a prerequisite to entering or editing ACEs in a named, extended ACL.
Syntax:
ip access-list extended <name-str>
Places the CLI in the "Named ACL" (nacl) context specified by the <name-str>
alphanumeric identifier. This enables entry of individual ACEs in the specified ACL.
If the ACL does not already exist, this command creates it.
<name-str>
Specifies an alphanumeric identifier for the ACL. Consists of an alphanumeric string of up to 64 case-sensitive characters. Including spaces in the string requires that you enclose the string in single or double quotes. For example: "accounting ACL".
You can also use this command to access an existing, numbered ACL. See “Using the CLI to edit ACLs” (page 319).
Configuring ACEs in named, extended ACLs
Configuring ACEs is done after using the ip access-list extended <name-str> command described above. See Table 34 (page 330) to enter the "Named ACL" (nacl) context of an ACL.
Unlike standard ACLs (see “Standard ACL structure” (page 328)), extended ACLs use multiple filtering criteria, which lets you define your IPv4 packet filtering more precisely.
Syntax:
< deny | permit > < ip | ip-protocol | ip-protocol-nbr >
   < any | host < SA > | SA < mask | SA/mask-length >>
   < any | host < DA > | DA < mask | DA/mask-length >>
   [precedence] [tos] [log]
Appends an ACE to the end of the list of ACEs in the current ACL. In the default configuration, ACEs are automatically assigned consecutive sequence numbers in increments of 10 and can be renumbered using resequence; see “Resequencing the ACEs in an ACL” (page 290).
Note: To insert a new ACE between two existing ACEs in an extended, named ACL, precede deny or permit with an appropriate sequence number along with the ACE keywords and variables you want. See “Inserting an ACE in an existing ACL” (page 288).
For a match to occur, a packet must have the source and destination addressing criteria specified in the ACE, as well as:
• the protocol-specific criteria configured in the ACE, including any included, optional elements (described later in this section)
• any (optional) precedence and/or ToS settings configured in the ACE
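The following is an added example, not taken from the guide, showing the syntax above applied in the nacl context: default sequence numbering, the three source/destination address forms, a protocol given by keyword and by number, insertion by explicit sequence number, and log on deny ACEs. The ACL name, addresses and the tcp keyword (one of the ip-protocol values) are constructed for illustration; the ";" lines are comments, not switch commands.

```text
; Added example (not from the guide): an extended ACL built with the
; syntax described above. ACL name and addresses are constructed.
ip access-list extended "server-inbound"
   ; no sequence number given: this ACE becomes 10, the next 20, ...
   ; SA with mask, DA as a single host
   permit tcp 10.10.0.0 0.0.255.255 host 10.20.1.5
   ; SA and DA in SA/mask-length form (becomes 20)
   permit ip 10.10.5.0/24 10.20.1.0/24
   ; protocol by number instead of keyword (1 = ICMP); becomes 30
   deny 1 any host 10.20.1.5 log
   ; explicit sequence number inserts this ACE between 10 and 20
   15 deny ip host 10.10.3.44 host 10.20.1.5 log
   ; last ACE: log anything the list would otherwise drop silently
   deny ip any any log
   exit
```

Keeping a logged deny as the final ACE gives the operator an event-log record of traffic the ACL blocked, which is what a detection or troubleshooting review will want to see.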
< deny | permit >
For named ACLs, these keywords are used in the "Named ACL" (nacl) context to
specify whether the ACE denies or permits a packet matching the criteria in the
ACE, as described below.
< ip | ip-protocol | ip-protocol-nbr >
264 IPv4 Access Control Lists (ACLs)