3Com Switch 8800 Family Configuration Guide
210 CHAPTER 23: LOGON USER ACL CONTROL CONFIGURATION
By default, the system does not restrict incoming/outgoing requests.
Table 181 Configuration tasks

Configuration procedure: Define rules (basic ACL view)
Command: rule [ rule-id ] { permit | deny } [ source { source-addr wildcard | any } | fragment | time-range name | vpn-instance instance-name ]*
Description: When Telnet and SSH users use basic and advanced ACLs, only the source-addr and wildcard parameters, the dest-addr and wildcard parameters, and the time-range keyword in the command are valid.

Configuration procedure: Define rules (advanced ACL view)
Command: rule [ rule-id ] { permit | deny } protocol [ source { source-addr wildcard | any } ] [ destination { dest-addr wildcard | any } ] [ source-port operator port1 [ port2 ] ] [ destination-port operator port1 [ port2 ] ] [ icmp-type type code ] [ established ] [ [ precedence precedence | tos tos ]* | dscp dscp ] [ fragment ] [ bt-flag ] [ time-range name ] [ vpn-instance instance-name ]

Configuration procedure: Define rules (Layer 2 ACL view)
Command: rule [ rule-id ] { permit | deny } [ cos cos-value | c-tag-cos c-cos-value | exp exp-value | protocol-type | mac-type { any-broadcast-packet | arp-broadcast-packet | non-arp-broadcast-packet | { { unicast-packet | multicast-packet } [ known | unknown ] } } | ingress { { source-vlan-id [ to source-vlan-id-end ] | source-mac-addr source-mac-wildcard | c-tag-vlan c-tag-vlanid }* | any } | egress { dest-mac-addr dest-mac-wildcard | any } | s-tag-vlan s-tag-vlanid | time-range name ]*
Description: When Telnet and SSH users use a Layer 2 ACL, only the source-mac-addr and source-mac-wildcard parameters and the time-range keyword in the command are valid.

Configuration procedure: Exit ACL view
Command: quit
Description: -

Configuration procedure: Enter user interface view
Command: user-interface [ type ] first-number
Description: -

Configuration procedure: Apply ACLs to restrict inbound/outbound requests of Telnet or SSH users (apply basic or advanced ACLs)
Command: acl acl-number1 { inbound | outbound }
Description: The acl-number1 parameter indicates the number of the basic or advanced ACLs, in the range of 2,000 to 3,999.

Configuration procedure: Apply ACLs to restrict inbound/outbound requests of Telnet or SSH users (apply Layer 2 ACLs)
Command: acl acl-number2 inbound
Description: The acl-number2 parameter indicates the number of the Layer 2 ACL, in the range of 4,000 to 4,999.
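
The following Python audit is an added example, not part of the 3Com guide. It checks a configuration listing against the two constraints in Table 181: rule keywords that are not valid when a basic or advanced ACL filters Telnet/SSH users, and the ACL number and direction allowed in user interface view. The function names, the sample listing and the `acl number N` line used to enter ACL view are assumptions; Layer 2 rules are not linted.

```python
import re

# Rule keywords the guide does not list as valid for Telnet/SSH logon control.
NOT_VALID = {"source-port", "destination-port", "icmp-type", "established",
             "precedence", "tos", "dscp", "fragment", "bt-flag", "vpn-instance"}

def lint_rule(rule_line):
    """Return keywords in a basic/advanced rule that are not valid for logon control."""
    toks = rule_line.split()
    # Skip the token after time-range: it is a user-chosen name, not a keyword.
    return [t for i, t in enumerate(toks)
            if t in NOT_VALID and (i == 0 or toks[i - 1] != "time-range")]

def check_apply(number, direction):
    """Validate 'acl <number> <direction>' in user interface view; None means OK."""
    if 2000 <= number <= 3999 and direction in ("inbound", "outbound"):
        return None                   # basic or advanced ACL, either direction
    if 4000 <= number <= 4999 and direction == "inbound":
        return None                   # Layer 2 ACL: the guide gives only 'inbound'
    return f"'acl {number} {direction}' does not match Table 181"

def audit(config):
    """Walk a configuration listing and return (line_number, message) findings."""
    findings, view = [], None
    for no, line in enumerate(map(str.strip, config.splitlines()), 1):
        if m := re.match(r"acl number (\d+)$", line):   # assumed ACL-view command
            view = int(m.group(1))
        elif line.startswith("user-interface "):
            view = "ui"
        elif line == "quit":
            view = None
        elif isinstance(view, int) and view <= 3999 and line.startswith("rule "):
            findings += [(no, f"'{kw}' is not valid for Telnet/SSH users")
                         for kw in lint_rule(line)]
        elif view == "ui" and (m := re.match(r"acl (\d+) (\S+)$", line)):
            err = check_apply(int(m.group(1)), m.group(2))
            findings += [(no, err)] if err else []
    return findings

# Constructed sample listing (not from the guide).
SAMPLE = """\
acl number 3000
 rule 0 permit tcp source 10.110.100.0 0.0.0.255 destination-port eq 22
 quit
user-interface vty 0
 acl 3000 inbound
 acl 4000 outbound
"""
```

Calling `audit(SAMPLE)` flags the `destination-port` match on line 2, which an administrator might expect to narrow the rule to SSH, and the Layer 2 ACL applied outbound on line 6.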