Manualshelf

Access Security Guide K/KA/KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch
281282283284285286287288289290
Assigns an ACL as a static port ACL to a port, port list, or static trunk to filter any
IPv4 traffic entering the switch on that interface. You can use either the global
configuration level or the interface context level to assign or remove a static port
ACL.
NOTE: The switch allows you to assign a nonexistent ACL name or number to an
interface. In this case, if you subsequently configure an ACL with that name or
number, it automatically becomes active on the assigned interface. Also, if you
delete an assigned ACL from the switch without subsequently using the "no" form
of this command to remove the assignment to an interface, the ACL assignment
remains and will automatically activate any new ACL you create with the same
identifier (name or number).
Figure 195 Methods for enabling and disabling ACLs
Classifier-based rate-limiting with RL-PACLs
NOTE: Beginning with software release K.14.01 this feature has been deprecated in favor of a
classifier-based rate-limiting feature that does not use ACLs. If it is already configured in a switch
running software version K.13.xx, then downloading and booting from release K.14.01 or greater
automatically modifies the deprecated configuration to conform to the classifier-based rate-limiting
supported in release K.14.01 or greater. For more information on this topic, see "Classifier-Based
Software Configuration" in the Advanced Traffic Management Guide for your switch.
Creating ACLs
Use either the switch CLI or an offline text editor to create an ACL. The CLI method is recommended
for creating short ACLs.
Using the CLI to create an ACL
Inserting or adding an ACE to an ACL
These rules apply to all IPv4 ACEs you create or edit using the CLI:
Named IPv4 ACLs:
Add an ACE to the end of a named ACE by using the ip access-list command
to enter the Named ACL ( nacl) context and entering the ACE without the sequence
number.
For example, if you wanted to add a "permit" ACL at the end of a list named "List-1"
to allow traffic from the device at 10.10.10.100:
HP Switch(config)# ip access-list standard List-1
HP Switch(config-std-nacl)# permit host 10.10.10.100
Using 283