HP VPN Firewall Appliances Access Control Command Reference

Table Of Contents

Default command level

2: System level

Parameters

net-address: Specifies a subnet IP address.

wildcard-mask: Specifies the wildcard mask of the subnet IP address.

exclude ip-address: Specifies an IP address to be excluded from the subnet IP address.

Usage guidelines

A subnet address object can comprise only one subnet address. If you execute the subnet command

multiple times, the most recent configuration takes effect.

Only after you add a subnet IP address to a subnet address object, can you exclude IP addresses from

the subnet IP address. You can use the subnet exclude ip-address command multiple times to exclude

multiple IP addresses from the subnet IP address.

Examples

# Add subnet IP address 3.3.3.0/24 to subnet address object subnettest on the default VD and exclude

3.3.3.1 and 3.3.3.255 from the subnet IP address.

<Sysname> system-view

[Sysname] object network subnet subnettest

[Sysname-obj-network-subnettest] subnet 3.3.3.1 0.0.0.255

[Sysname-obj-network-subnettest] subnet exclude 3.3.3.1

[Sysname-obj-network-subnettest] subnet exclude 3.3.3.255

# Add subnet IP address 3.3.3.0/24 to subnet address object subnettest on VD virdev and exclude

3.3.3.1 and 3.3.3.255 from the subnet IP address.

<Sysname> system-view

[Sysname] switchto vd virdev

[Sysname-vsys-virdev] object network subnet subnettest

[Sysname-vsys-virdev-obj-network-subnettest] subnet 3.3.3.1 0.0.0.255

[Sysname-vsys-virdev-obj-network-subnettest] subnet exclude 3.3.3.1

[Sysname-vsys-virdev-obj-network-subnettest] subnet exclude 3.3.3.255