Access Security Guide K/KA/KB.15.15

HP Switch(config-crf-nacl)#
If the ACL already exists, this command simply puts the CLI into the ACE context.
Syntax:
<filter | ignore> ip <any | host ip-addr | ip-addr mask-length>
Used in the ACE context to specify the action of the connection-rate ACE and the
source IP address of the traffic that the ACE affects.
<filter | ignore>
The filter option assigns policy filtering to traffic with source IP address (SA)
matching the source address in the ACE. The ignore option specifies bypassing
policy filtering for traffic with an SA that matches the source address in the ACE.
ip <any | host ip-addr | ip-addr mask-length>
Specifies the SA criteria for traffic addressed by the ACE.
any
Applies the ACE's action (filter or ignore) to traffic having any SA.
host ip-addr
Applies the ACE's action (filter or ignore) to traffic having the specified host SA.
ip-addr mask-length
Applies the ACE's action (filter or ignore) to traffic having an SA within the
range defined by either:
<src-ip-addr/cidr-mask-bits>
or
<src-ip-addr<mask>>
Use this criterion for traffic received from either a subnet or a group of IP addresses.
The mask can be in either dotted-decimal format or CIDR format with the number
of significant bits. See “Using an ACL in a connection-rate configuration example”
(page 62).
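The following Python script parses the source-IP ACE forms described above and flags ignore entries that exempt a large source range from policy filtering. It is an added example, not from the HP guide; the function names, the 256-address threshold and the sample ACEs are constructed for illustration. Only the CIDR mask form is handled, because this page does not define how the bits of a dotted-decimal mask are interpreted.

```python
import ipaddress

# Constructed sample ACEs in the source-IP form (not taken from the guide).
SAMPLE_ACL = [
    "ignore ip host 10.10.10.15",
    "ignore ip 10.20.0.0/16",
    "filter ip 10.10.10.0/24",
    "ignore ip any",
    "filter ip any",
]

def parse_ace(line):
    """Return (action, source network) for one source-IP connection-rate ACE."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[0] not in ("filter", "ignore") or tokens[1] != "ip":
        raise ValueError(f"not a source-IP connection-rate ACE: {line!r}")
    action, criteria = tokens[0], tokens[2:]
    if criteria == ["any"]:
        return action, ipaddress.ip_network("0.0.0.0/0")
    if len(criteria) == 2 and criteria[0] == "host":
        return action, ipaddress.ip_network(criteria[1] + "/32")
    if len(criteria) == 1 and "/" in criteria[0]:
        # strict=False normalises an address with host bits set to its network.
        return action, ipaddress.ip_network(criteria[0], strict=False)
    # Dotted-decimal masks are rejected rather than guessed at (see lead-in).
    raise ValueError(f"unsupported source criteria: {line!r}")

def broad_ignores(ace_lines, max_addresses=256):
    """List ignore ACEs whose source range exceeds max_addresses (assumed threshold)."""
    findings = []
    for number, line in enumerate(ace_lines, start=1):
        action, network = parse_ace(line)
        if action == "ignore" and network.num_addresses > max_addresses:
            findings.append((number, line, network.num_addresses))
    return findings

if __name__ == "__main__":
    for number, line, size in broad_ignores(SAMPLE_ACL):
        print(f"ACE {number}: '{line}' exempts {size} source addresses")
```
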
Configuring a connection-rate ACL using UDP/TCP criteria
To configure a connection-rate ACL using source IP address criteria, see “Configuring a
connection-rate ACL using source IP address criteria” (page 58).
Syntax:
ip access-list connection-rate-filter crf-list-name
Creates a connection-rate-filter ACL and puts the CLI into the ACE context:
HP Switch(config-crf-nacl)#
If the ACL already exists, this command simply puts the CLI into the ACE context.
Syntax:
<filter | ignore> | <udp | tcp> <any>
<filter | ignore> | <udp | tcp> <host ip-addr> [ udp/tcp-options ]
<filter | ignore> | <udp | tcp> ip-addr mask-length [ udp/tcp-options ]
Configuring and applying connection-rate ACLs 59