Product guide

Access Control Lists (ACLs) for the Series 5300xl Switches
Editing ACLs and Creating an ACL Offline
Creating an ACL Offline
Use a text editor that allows you to create an ASCII text file (.txt).
If you are replacing an ACL on the switch with a new ACL that uses the same
number or name syntax, begin the command file with a “no” command to
remove the earlier version of the ACL from the switch’s running-config file.
Otherwise, the switch will append the new ACEs in the ACL you download to
the existing ACL. For example, if you plan to use the Copy command to replace
ACL “103”, you would place this command at the beginning of the edited file:
    no ip access-list extended 103
    ip access-list extended "103"
      deny tcp 0.0.0.0 255.255.255.255 10.10.10.2 0.0.0.0 eq 23 log
      permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
      exit

The first line ("no ip access-list extended 103") removes the existing ACL and replaces it with a new version with the same identity. To append new ACEs to the ACL instead of replacing it, you would omit the first line.

Figure 9-23. Example of an Offline ACL File Designed To Replace An Existing ACL
For example, suppose that you wanted to create an extended ACL to fulfill the following requirements (assume a subnet mask of 255.255.255.0):

  ID: “Controls for VLAN 20”

  Deny Telnet access to a server at 10.10.10.100 on VLAN 10 from these three IP addresses on VLAN 20 (with ACL logging):
      10.10.20.17
      10.10.20.23
      10.10.20.40

  Allow any access to the server from all other addresses on VLAN 20.

  Permit internet access to these two IP addresses on VLAN 20, but deny access to all other addresses on VLAN 20 (without ACL logging):
      10.10.20.98
      10.10.20.21

  Deny all other traffic from VLAN 20 to VLAN 10.
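As an added illustration (not code from the guide or from the switch software), the following Python helper writes an offline ACL command file in the form of Figure 9-23 and checks whether the file's first command removes the ACL it then creates, which is what decides whether a download replaces the ACL or appends to it. The function names, and the quoting of a name containing spaces in the "no" command, are assumptions.

```python
from typing import Iterable, List, Optional


def ace(action: str, proto: str, src: str, src_wc: str, dst: str, dst_wc: str,
        port: Optional[str] = None, log: bool = False) -> str:
    """Render one ACE: <action> <proto> <src> <src-wildcard> <dst> <dst-wildcard>
    [eq <port>] [log]. Wildcard 0.0.0.0 = exact host, 255.255.255.255 = any."""
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action {action!r}")
    parts = [action, proto, src, src_wc, dst, dst_wc]
    if port is not None:          # tcp/udp destination port, e.g. "23" for Telnet
        parts += ["eq", port]
    if log:                       # record matches of this ACE
        parts.append("log")
    return " ".join(parts)


def build_offline_acl(acl_id: str, aces: Iterable[str], replace: bool = True) -> str:
    """Return the text of the .txt file to copy to the switch.
    replace=True prepends the "no" command so the download replaces the ACL;
    replace=False omits it, so the ACEs are appended to an existing ACL of
    the same identity in the running-config."""
    # Assumption: a name containing spaces is quoted in the "no" command too.
    no_id = f'"{acl_id}"' if " " in acl_id else acl_id
    lines: List[str] = []
    if replace:
        lines.append(f"no ip access-list extended {no_id}")
    lines.append(f'ip access-list extended "{acl_id}"')
    lines.extend(f"  {a}" for a in aces)
    lines.append("  exit")
    return "\n".join(lines) + "\n"


def replaces_existing(file_text: str) -> bool:
    """True only when the first command removes the very ACL the second
    command creates; a file that fails this check will append, not replace."""
    cmds = [l.strip() for l in file_text.splitlines() if l.strip()]
    if len(cmds) < 2 or not cmds[0].startswith("no ip access-list extended "):
        return False
    removed = cmds[0].split(" ", 4)[4].strip('"')
    created = cmds[1].removeprefix("ip access-list extended ").strip('"')
    return cmds[1].startswith("ip access-list extended ") and removed == created


# The file from Figure 9-23, reproduced through the helper.
ACL_103 = build_offline_acl("103", [
    ace("deny", "tcp", "0.0.0.0", "255.255.255.255", "10.10.10.2", "0.0.0.0", "23", log=True),
    ace("permit", "ip", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255"),
])
```

Run replaces_existing on a file before copying it when the intent is to replace an ACL; a False result means the switch would append the new ACEs to the existing ACL instead.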
9-56