Access Security Guide K/KA/KB.15.15

Any IGMP traffic (only) or IGMP traffic of a specific type
Any of the above with specific precedence and/or ToS settings
For an extended ACL ID, use either a unique number in the range of 100-199 or a unique
name string of up to 64 alphanumeric characters.
Carefully plan ACL applications before configuring specific ACLs. For more on this topic, see
“Configuring named, standard ACLs” (page 259).
ACL configuration structure
After you enter an ACL command, you may want to inspect the resulting configuration. This is
especially true where you are entering multiple ACEs into an ACL. Also, it is helpful to understand
the configuration structure when using the following information.
The basic ACL structure includes four elements:
1. ACL identity and type: This identifies the ACL as standard or extended and shows the ACL
name or number.
2. Optional remark entries.
3. One or more deny/permit list entries (ACEs): One entry per line.
Element: Notes
Type: Standard or Extended
Identifier: Alphanumeric; Up to 64 Characters, Including Spaces. Numeric: 1 - 99 (Standard) or 100 - 199 (Extended)
Remark: Allows up to 100 alphanumeric characters, including blank spaces. (If any spaces are
used, the remark must be enclosed in a pair of single or double quotes.) A remark is
associated with a particular ACE and will have the same sequence number as the ACE.
(One remark is allowed per ACE.) See “Attaching a remark to an ACE” (page 291).
Maximum ACEs Per Switch: The upper limit on ACEs supported by the switch depends on the concurrent resource
usage by configured ACL, QoS, IDM, Mirroring, virus-throttling, and other features. See
“IPv4 ACL configuration and operating rules” (page 320).
4. Implicit Deny: Where an ACL is in use, it denies any packets that do not have a match with
the ACEs explicitly configured in the list. The Implicit Deny does not appear in ACL configuration
listings, but always functions when the switch uses an ACL to filter packets. (You cannot delete
the Implicit Deny, but you can supersede it with a permit any or permit ip any any
statement.)
Standard ACL structure
Individual ACEs in a standard ACL include only a permit/deny statement, the source addressing,
and an optional log command (available with "deny" statements).
Figure 237 The general structure for a standard ACL
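The following Python model is an added example, not code or CLI syntax from the guide. It represents the four elements of a standard ACL, checks them against the limits in the element table, and shows how the unlisted Implicit Deny decides unmatched traffic. The class and field names and the sample ACL are hypothetical, and it assumes ACEs are evaluated in listed order with the first match deciding.

```python
import ipaddress
from dataclasses import dataclass, field
@dataclass
class Ace:
    action: str        # "permit" or "deny"
    source: str        # "any", a host address, or address/mask-length
    log: bool = False  # the page ties the log option to deny statements
    remark: str = ""   # one remark per ACE, up to 100 characters
    def net(self):
        return ipaddress.ip_network("0.0.0.0/0" if self.source == "any" else self.source)

@dataclass
class StandardAcl:
    ident: str         # number 1-99, or a name of up to 64 characters
    aces: list = field(default_factory=list)

    def problems(self):
        """Check the model against the limits in the element table."""
        out = []
        if self.ident.isdigit():
            if not 1 <= int(self.ident) <= 99:
                out.append(f"ID {self.ident} is outside the standard range 1-99")
        elif not 1 <= len(self.ident) <= 64:
            out.append("name must be 1-64 characters")
        for n, ace in enumerate(self.aces, 1):
            if ace.log and ace.action != "deny":
                out.append(f"ACE {n}: log is only available with deny")
            if len(ace.remark) > 100:
                out.append(f"ACE {n}: remark exceeds 100 characters")
        return out

    def decide(self, src):
        """Return (action, matching ACE); ACE is None for the Implicit Deny."""
        addr = ipaddress.ip_address(src)
        for ace in self.aces:      # assumption: listed order, first match decides
            if addr in ace.net():
                return ace.action, ace
        return "deny", None        # Implicit Deny: never listed, always applies

    def supersedes_implicit_deny(self):
        """True when the first match-all ACE is a permit (e.g. permit any)."""
        first_all = next((a for a in self.aces if a.net().prefixlen == 0), None)
        return first_all is not None and first_all.action == "permit"

# Constructed sample, not taken from the guide.
SAMPLE = StandardAcl("MGMT-HOSTS", [
    Ace("permit", "10.10.20.0/24", remark="management VLAN"),
    Ace("deny", "10.10.30.7", log=True),
])
```

A result of ("deny", None) from decide() marks traffic dropped by the Implicit Deny rather than by a configured ACE, which is the case that never shows up when reading the configuration listing.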
328 IPv4 Access Control Lists (ACLs)