KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5412R-92G-PoE+/2SFP+ (No PSU) v2 zl2 Switch

141

142

143

144

145

146

147

148

149

150

Example 84 An ACL listed with the config option

Port-1(config)# show access-list List-120 config

ip access-list extended "List-120"

10 remark "Telnet Allowed"

10 permit tcp 10.30.133.27 0.0.0.0 eq 23 0.0.0.0 255.255.255.255 precedence 0

established

20 deny ip 10.30.133.1 0.0.0.255 0.0.0.0 255.255.255.255 log

30 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

exit

Table 13 Descriptions of data types included in show access-list acl-id output

DescriptionField

The ACL identifier. For IPv6 ACLs, is an alphanumeric name. For IPv4 ACLs, can be a number

from 1 to 199 or an alphanumeric name.

Name

IPv6, Standard, or Extended. IPv6 ACLs use a source and a destination address, plus IPv6

protocol specifiers.

Type

• Standard ACLs are IPv4 only, and use only a source IP address.

• Extended ACLs are available in IPv4 only, and use both source and destination IP

addressing, as well as other IP protocol specifiers.

Yes means the ACL has been applied to an interface.

No means the ACL exists in the switch configuration, but has not been applied to any interface,

and is therefore not in use.

Applied

The sequential number of the ACE in the specified ACL.SEQ

Lists the content of the ACEs in the selected ACL.Entry

Permit (forward) or deny (drop) a packet when it is compared to the criteria in the applicable

ACE and found to match. Includes the optional log option, if used, in deny or permit

actions.

Action

Displays any optional remark text configured for the selected ACE.Remark

Used for IPv4 standard ACEs: The source IPv4 address to which the configured mask is

applied to determine whether there is a match with a packet.

Used for IPv6 ACEs and IPv4 extended ACEs: The source IPv6 or IPv4 address to which the

configured mask is applied to determine whether there is a match with a packet.

Src IP

Used for IPv6 ACEs and IPv4 extended ACEs: The source and destination IP addresses to

which the corresponding configured masks are applied to determine whether there is a match

with a packet.

Dst IP

Used in IPv4 ACEs, the mask is configured in an ACE and applied to the corresponding IP

address in the ACE to determine whether a packet matches the filtering criteria.

Mask

Used in IPv6 ACEs to specify the number of consecutive high-order (leftmost) bits of the source

and destination addresses configured in an ACE to be used to determine a match with a

packet being filtered by the ACE.

Prefix Len (source

and destination)

Used in IPv6 ACEs and IPv4 extended ACEs to specify the packet protocol type to filter.Proto

Used in IPv4 extended ACEs to show any TCP or UDP operator and port numbers included

in the ACE.

Port(s)

Used in IPv6 ACEs to show TCP or UDP source and destination operator and port numbers

included in the ACE.

Src Ports Dst

Ports

Used in IPv6 ACEs to show the DSCP precedence or codepoint setting, if any.DSCP

Used in IPv4 extended ACEs to indicate type-of-service setting, if any.TOS

Used in IPv4 extended ACEs to indicate the IP precedence setting, if any.Precedence

142 IPv6 Access Control Lists (ACLs)