Access Security Guide K/KA/KB.15.15

Table 26 Descriptions of data types included in show access-list <acl-id> output (continued)

Field        Description
Address      The source and destination IPv4 addresses to which the corresponding configured masks are
             applied to determine whether there is a match with a packet.
Mask         The mask configured in an ACE and applied to the corresponding IPv4 address in the ACE to
             determine whether a packet matches the filtering criteria.
Proto        Used only in extended ACLs to specify the packet protocol type to filter. Must be either IPv4,
             TCP, or UDP. For TCP protocol selections, includes the established option, if configured.
Port(s)      Used only in extended ACLs to show any TCP or UDP operator and port number(s) included in
             the ACE.
TOS          Used only in extended ACLs to indicate the Type-of-Service setting, if any.
Precedence   Used only in extended ACLs to indicate the IP precedence setting, if any.
Viewing all ACLs and their assignments in the routing switch startup-config and
running-config files
The show config and show running commands include in their listings any configured ACLs
and any ACL assignments to VLANs. See "ACL configuration factors" (page 330). Remember that
show config lists the startup-config file and show running lists the running-config file, so an
assignment that exists only in one of the two will appear only in that command's output.
Adding or removing an ACL assignment on an interface
Filtering routed IPv4 traffic
For a given VLAN interface on a switch configured for routing, you can assign one ACL as an RACL
to filter inbound IPv4 traffic and another ACL as an RACL to filter outbound IPv4 traffic. You can
also assign the same ACL as both the inbound and the outbound RACL, and assign one ACL to
multiple VLANs. For limits and operating rules, see "IPv4 ACL configuration and operating rules"
(page 320).
Syntax:
[no] vlan <vid> ip access-group <identifier> <in | out>
where: <identifier> = either an ACL name or an ACL ID number.
Assigns an ACL to a VLAN as an RACL to filter routed IPv4 traffic entering (in) or leaving
(out) the switch on that VLAN. You can use either the global configuration level or the
VLAN context level to assign or remove an RACL; the "no" form removes the assignment.
Note: The switch allows you to assign a nonexistent ACL name or number to a
VLAN. In this case, if you subsequently configure an ACL with that name or number,
it automatically becomes active on the assigned VLAN. Also, if you delete an
assigned ACL from the switch without subsequently using the "no" form of this
command to remove the assignment to a VLAN, the ACL assignment remains and
will automatically activate any new ACL you create with the same identifier (name
or number). Because such a dangling assignment applies whatever filter is later created
under that identifier, remove the VLAN assignment before deleting or renaming an ACL, and
check the show running output for assignments that reference no configured ACL.
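The check suggested by the note above, and by the earlier statement that show running lists both the configured ACLs and their VLAN assignments, can be automated against saved running-config text. The following script is an added example, not code from the guide or from HP, that parses a constructed running-config fragment and reports every ip access-group assignment whose ACL identifier has no matching ip access-list definition. The line formats it matches (quoted ACL identifiers, the vlan context followed by exit, and the single-line global form of the command) are assumptions about how the switch renders its configuration; adjust the regular expressions if your platform's output differs.

```python
import re

# Constructed sample running-config fragment (assumed layout; not captured from a real switch).
# VLAN 20 references "mgmt-only" and VLAN 30 references "30", neither of which is defined,
# so both assignments are dangling and would silently activate any later ACL with that identifier.
SAMPLE_CONFIG = """\
; Configuration Editor; Created on release #K.15.15.0000
hostname "core-1"
ip routing
ip access-list extended "no-telnet"
     10 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 23 log
     20 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
   exit
ip access-list standard "10"
     10 permit 10.10.0.0 0.0.255.255
   exit
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-24
   ip address 10.1.0.1 255.255.255.0
   ip access-group "no-telnet" in
   exit
vlan 20
   name "servers"
   untagged 25-28
   ip address 10.20.0.1 255.255.255.0
   ip access-group "10" in
   ip access-group "mgmt-only" out
   exit
vlan 30
   name "guest"
   ip address 10.30.0.1 255.255.255.0
   ip access-group "30" in
   exit
"""

# ACL definition header: ip access-list standard|extended "<name-or-number>"
ACL_DEF = re.compile(r'^\s*ip access-list (?:standard|extended) "?([^"\s]+)"?\s*$')
# Start of a VLAN context block: vlan <vid>
VLAN_CTX = re.compile(r'^\s*vlan (\d+)\s*$')
# RACL assignment inside a VLAN context: ip access-group "<id>" in|out
CTX_ASSIGN = re.compile(r'^\s*ip access-group "?([^"\s]+)"? (in|out)\s*$')
# Same command typed at the global level on one line: vlan <vid> ip access-group "<id>" in|out
GLOBAL_ASSIGN = re.compile(r'^\s*vlan (\d+) ip access-group "?([^"\s]+)"? (in|out)\s*$')


def parse_config(text):
    """Return (set of defined ACL identifiers, list of (vid, acl_id, direction) assignments)."""
    defined = set()
    assignments = []
    current_vlan = None  # VLAN whose context block we are inside, if any
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith(";"):
            continue  # blank line or comment
        m = ACL_DEF.match(line)
        if m:
            defined.add(m.group(1))
            current_vlan = None
            continue
        m = GLOBAL_ASSIGN.match(line)
        if m:
            assignments.append((int(m.group(1)), m.group(2), m.group(3)))
            continue
        m = VLAN_CTX.match(line)
        if m:
            current_vlan = int(m.group(1))
            continue
        if stripped == "exit":
            current_vlan = None  # leaving a vlan or access-list context
            continue
        m = CTX_ASSIGN.match(line)
        if m and current_vlan is not None:
            assignments.append((current_vlan, m.group(1), m.group(2)))
    return defined, assignments


def dangling_assignments(text):
    """Assignments whose ACL identifier does not match any ip access-list in the config."""
    defined, assignments = parse_config(text)
    return [a for a in assignments if a[1] not in defined]


def report(text):
    """Human-readable lines, one per dangling assignment, in config order."""
    return [
        f'vlan {vid}: ip access-group "{acl}" {direction} references an ACL that is not configured'
        for vid, acl, direction in dangling_assignments(text)
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_CONFIG):
        print(line)
```

Run it against the text captured from show running (or show config, to audit the startup-config separately); each reported line is an assignment to clean up with the "no" form of the command before any new ACL reuses that identifier.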