Configuration Guide for A7000 dl T1 and E1 WAN Interfaces 2005-12

The following outlines the syntax for creating a standard ACL entry:
permit | deny <source address>
Use the permit keyword to select matching traffic into the list, or the deny keyword to block matching
traffic from the list. The source IP address can be entered in one of three ways:
1. Using the keyword any to match any IP address. For example, entering deny any will effectively shut
down the interface that uses the access list, because all traffic matches the any keyword.
2. Using host <A.B.C.D> to specify a single host address. For example, entering permit host
192.168.22.253 will allow all traffic from the host with the IP address 192.168.22.253.
3. Using the <A.B.C.D> <wildcard> format to match all IP addresses in a “range.” Wildcard masks work
in reverse logic from a subnet mask: a one bit in the wildcard mask means “don’t care.” For
example, entering permit 192.168.0.0 0.0.0.255 will permit all traffic from the 192.168.0.0/24 network.
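As an added example (not from the guide), the following Python parses standard ACL entries in the syntax above and evaluates a source address against them, showing the wildcard "don't care" logic, including a non-contiguous wildcard, which the guide's /24 example does not show. First-match evaluation and an implicit deny at the end of the list are assumed; the excerpt does not state them.

```python
import ipaddress
ALL_ONES = 0xFFFFFFFF

def parse_standard_acl(text):
    """Parse 'permit|deny any | host A.B.C.D | A.B.C.D W.W.W.W' entries
    into (action, address_int, wildcard_int) tuples, in list order."""
    entries = []
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("!"):  # blank or comment line
            continue
        action, src = tokens[0], tokens[1]
        if action not in ("permit", "deny"):
            raise ValueError("bad action: " + raw)
        if src == "any":             # same as wildcard 255.255.255.255
            addr, wild = 0, ALL_ONES
        elif src == "host":          # same as wildcard 0.0.0.0
            addr, wild = int(ipaddress.IPv4Address(tokens[2])), 0
        else:
            addr = int(ipaddress.IPv4Address(src))
            wild = int(ipaddress.IPv4Address(tokens[2]))
        entries.append((action, addr, wild))
    return entries

def wildcard_match(ip, addr, wild):
    """A 1 bit in the wildcard is 'don't care'; only bits where it is 0 must agree."""
    care = ~wild & ALL_ONES
    return (ip & care) == (addr & care)

def wildcard_to_prefix(wild):
    """CIDR prefix length for a contiguous wildcard (0.0.0.255 -> 24), else None."""
    care = ~wild & ALL_ONES
    if care and (care | (care - 1)) != ALL_ONES:  # gap in the care bits
        return None
    return bin(care).count("1")

def evaluate(entries, source_ip):
    """First matching entry wins; an unmatched address is denied (first-match
    and implicit deny are assumed here; the excerpt does not state them)."""
    ip = int(ipaddress.IPv4Address(source_ip))
    for action, addr, wild in entries:
        if wildcard_match(ip, addr, wild):
            return action
    return "deny"

SAMPLE_ACL = ("deny host 192.168.22.253\n"       # constructed sample, not from the guide
              "permit 192.168.0.0 0.0.0.255\n"   # the /24 from the guide's example
              "permit 10.0.0.0 0.255.0.255\n")   # non-contiguous: matches 10.x.0.y
```

Running evaluate(parse_standard_acl(SAMPLE_ACL), "192.168.1.7") returns "deny" because no entry matches, while "10.55.0.9" is permitted by the non-contiguous third entry.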
Extended ACLs provide flexible pattern matching on various different parameters. The following lists the
complete syntax for the ip access-list extended commands:
<action> <protocol> <source IP> <source port> <destination ip> <destination port>
For example:
[permit | deny] [ip | tcp | udp] [any | host <A.B.C.D> | <A.B.C.D> <W.W.W.W>]
<source port>* [any | host <A.B.C.D> | <A.B.C.D> <W.W.W.W>] <destination port>*
(the first address block is the Source IP Address, the second the Destination IP Address)
or:
[permit | deny] icmp [any | host <A.B.C.D> | <A.B.C.D> <W.W.W.W>]
[any | host <A.B.C.D> | <A.B.C.D> <W.W.W.W>] <icmp-type>* <icmp-code>* <icmp-message>*
(the first address block is the Source IP Address, the second the Destination IP Address)
* = optional
For detailed information regarding the extended ACL matching parameters, refer to the SROS Command
Line Interface Reference Guide on your ProCurve Secure Router OS System Documentation CD.
Access Policy Action Statements
SROS access policies are used to permit, deny, or manipulate (using NAT) data for each interface. Each
ACP consists of a selector (access list) and an action (allow, discard, NAT). When packets are received on
an interface, the configured ACPs are applied to determine whether the data will be processed or discarded.
Possible actions performed by the access policy are as follows: