Access Security Guide K/KA/KB.15.15
10 IPv4 Access Control Lists (ACLs)
Configuring
Configuring named, standard ACLs
For a match to occur with an ACE in an extended ACL, a packet must have the source and
destination address criteria specified by the ACE, as well as any IPv4 protocol-specific criteria
included in the command.
This section describes the commands for performing the following:
• creating and/or entering the context of a named, standard ACL
• appending an ACE to the end of an existing list or entering the first ACE in a new list
Entering the IPv4 named ACL context
This command is a prerequisite to entering or editing ACEs in a named ACL.
Syntax:
ip access-list standard <name-str>
Places the CLI in the "Named ACL" (nacl) context specified by the <name-str>
alphanumeric identifier. This enables entry of individual ACEs in the specified ACL.
If the ACL does not already exist, this command creates it.
<name-str>: Specifies an identifier for the ACL. Consists of an alphanumeric
string of up to 64 case-sensitive characters. Including spaces in the string requires
that you enclose the string in single or double quotes. For example: "Accounting
ACL".
Configuring ACEs in a named, standard ACL
Configuring ACEs is done after using the ip access-list standard <name-str>
command described above to enter the "Named ACL" (nacl) context of an access list. See
“Configuring ACEs in a named, standard ACL” (page 259).
Syntax:
<deny | permit>
<any | host <SA> | SA <mask | SA/mask-length>> [log]
Executing this command appends the ACE to the end of the list of ACEs in the
current ACL. In the default ACL configuration, ACEs are automatically assigned
consecutive sequence numbers in increments of 10 and can be renumbered using
resequence (see page 290).
NOTE: To insert a new ACE between two existing ACEs, precede deny or
permit with an appropriate sequence number. See “Inserting an ACE in an existing
ACL” (page 288).
<deny | permit>
For named ACLs, used in the "Named ACL" (nacl) context to configure an ACE.
Specifies whether the ACE denies or permits a packet matching the criteria in the
ACE, as described below.
<any | host <SA> | SA <mask | SA/mask-length>>
Configuring 259
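The following is an added example, not from the guide or the switch firmware: a small Python model of how ACEs entered in the named standard ACL syntax above are numbered (increments of 10, or an explicit sequence number to insert between existing ACEs) and how a packet's source address is evaluated first-match. The ACE lines are constructed; it assumes that "mask" is an ACL wildcard mask (1 bits are don't-care), that "/mask-length" is a prefix length, and that a list ends with the usual implicit deny.

```python
import ipaddress
import re

# <deny | permit> <any | host <SA> | SA <mask | SA/mask-length>> [log], with an
# optional leading sequence number for insertion between existing ACEs.
ACE_RE = re.compile(r"^(?:(?P<seq>\d+)\s+)?(?P<action>deny|permit)\s+(?P<src>.+?)(?P<log>\s+log)?$")

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_source(src):
    """Map the source criterion to an (address, wildcard) pair of 32-bit ints.
    Assumption: 'SA mask' uses a wildcard mask where 1 bits mean don't-care."""
    if src == "any":
        return 0, 0xFFFFFFFF
    if src.startswith("host "):
        return _ip(src.split()[1]), 0
    if "/" in src:                       # SA/mask-length: prefix length
        sa, length = src.split("/")
        return _ip(sa), (1 << (32 - int(length))) - 1
    sa, wildcard = src.split()           # SA mask: wildcard mask
    return _ip(sa), _ip(wildcard)

class StandardAcl:
    """Named standard ACL: ACEs kept in sequence-number order, first match wins."""
    def __init__(self, name):
        self.name = name
        self.aces = []                   # (seq, action, addr, wildcard, log)

    def add(self, line):
        """Append (or, with an explicit seq, insert) one ACE; returns its sequence number."""
        m = ACE_RE.match(line.strip())
        if not m:
            raise ValueError("unparsable ACE: " + line)
        # Default numbering: next multiple of 10 above the highest existing number
        highest = max((a[0] for a in self.aces), default=0)
        seq = int(m["seq"]) if m["seq"] else (highest // 10 + 1) * 10
        addr, wildcard = parse_source(m["src"])
        self.aces.append((seq, m["action"], addr, wildcard, bool(m["log"])))
        self.aces.sort(key=lambda a: a[0])
        return seq

    def evaluate(self, source_ip):
        """Return (action, seq) of the first ACE matching the source address, or
        ('deny', None) for the assumed implicit deny at the end of the list."""
        pkt = _ip(source_ip)
        for seq, action, addr, wildcard, _log in self.aces:
            if ((pkt ^ addr) & ~wildcard & 0xFFFFFFFF) == 0:
                return action, seq
        return "deny", None
```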