IP Access Control List Commands
September 2014 Page 666
HP Moonshot Switch Module CLI Command Reference
{deny | permit} (IP ACL)
This command creates a new rule for the current IP access list. Each rule is appended to the list of configured
rules for the list. A rule may either deny or permit traffic according to the specified classification fields. At a
minimum, either the every keyword or the protocol, source address, and destination address values must be
specified. The source and destination IP address fields may be specified using the keyword any to indicate a
match on any value in that field. The remaining command parameters are all optional, but the most frequently
used parameters appear in the same relative order as shown in the command format.
The time-range parameter imposes a time limitation on the IP ACL rule, as defined by the specified time
range. If a time range with the specified name does not exist and the ACL containing this ACL rule is applied to
an interface or bound to a VLAN, then the ACL rule is applied immediately. If a time range with the specified name
exists and the ACL containing this ACL rule is applied to an interface or bound to a VLAN, then the ACL rule is
applied when the time range with the specified name becomes active. The ACL rule is removed when the time
range with the specified name becomes inactive. For information about configuring time ranges, see “Time Range
Commands for Time-Based ACLs” on page 676.
The assign-queue parameter allows specification of a particular hardware queue for handling traffic that
matches this rule. The allowed queue-id value is 0-6 because the number of user configurable queues available
is 7. The assign-queue parameter is valid only for a permit rule.
The optional rate-limit attribute of the permit command permits matching traffic only up to the configured
rate, specified in kbps, and burst-size, specified in kbytes.
Example: The following shows an example of the command.
(Routing) (Config)#ip access-list ip1
(Routing) (Config-ipv4-acl)#permit icmp any any rate-limit 32 16
(Routing) (Config-ipv4-acl)#exit
Format
{deny | permit} {every | {{icmp | igmp | ip | tcp | udp | 0-255} srcip srcmask [{eq
{portkey | 0-65535}}] dstip dstmask [{eq {portkey | 0-65535}}] [precedence precedence |
tos tos tosmask | dscp dscp] [log] [time-range time-range-name] [assign-queue queue-id]
[{mirror | redirect} unit/slot/port] [rate-limit rate burst-size]
Mode Ipv4-Access-List Config
Note: The no form of this command is not supported, since the rules within an IP ACL cannot be
deleted individually. Rather, the entire IP ACL must be deleted and re-specified.
Note: An implicit deny all IP rule always terminates the access list.
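Added example (not part of the HP reference): because a rule that names a nonexistent time range is applied immediately, and individual rules cannot be deleted afterwards, it helps to check rule lines before entering them. The Python sketch below checks a rule line against the constraints stated above; the function names, the sample rules and the time range name work-hours are assumptions made for illustration.

```python
PROTOCOLS = {"icmp", "igmp", "ip", "tcp", "udp"}

def _addr(t, i):
    """Consume 'any' or an 'address mask' pair at t[i]; return next index or None."""
    if i is None:
        return None
    if i < len(t) and t[i] == "any":
        return i + 1
    return i + 2 if i + 1 < len(t) else None

def _eq(t, i):
    """Skip an optional 'eq <port>' pair at t[i]."""
    return i + 2 if i is not None and i < len(t) and t[i] == "eq" else i

def audit_rule(line, known_time_ranges):
    """Return findings for one '{deny | permit} ...' rule line (empty list = clean)."""
    t = line.split()
    if not t or t[0] not in ("deny", "permit"):
        return ["rule must start with deny or permit"]
    if t[1:2] == ["every"]:
        i = 2
    else:
        proto = t[1] if len(t) > 1 else ""
        known = proto in PROTOCOLS or (proto.isdigit() and int(proto) <= 255)
        i = _eq(t, _addr(t, _eq(t, _addr(t, 2)))) if known else None
        if i is None:
            return ["need 'every' or protocol, source and destination"]
    opts, findings = t[i:], []

    def value_of(keyword):
        pos = opts.index(keyword) if keyword in opts else -1
        return opts[pos + 1] if 0 <= pos < len(opts) - 1 else None

    queue = value_of("assign-queue")
    if queue is not None:
        if t[0] != "permit":
            findings.append("assign-queue is valid only for a permit rule")
        if not (queue.isdigit() and int(queue) <= 6):
            findings.append("queue-id must be 0-6")
    if "rate-limit" in opts and t[0] != "permit":
        findings.append("rate-limit is an attribute of the permit command")
    name = value_of("time-range")
    if name is not None and name not in known_time_ranges:
        findings.append(f"time-range '{name}' is not defined: rule is "
                        "applied immediately once the ACL is applied")
    return findings

if __name__ == "__main__":
    # Constructed rule lines; 'work-hours' is a made-up time range name.
    for rule in ("permit icmp any any rate-limit 32 16",
                 "permit tcp any any eq 22 time-range workhrs"):
        print(rule, "->", audit_rule(rule, {"work-hours"}))
```

Pass the set of time range names actually configured on the switch as known_time_ranges; a misspelled name in a permit rule is the case to look for, since that rule takes effect as soon as the ACL is applied.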