10-48
IPv4 Access Control Lists (ACLs)
Configuring and Assigning an IPv4 ACL
Using the CLI To Create an ACL
You can use either the switch CLI or an offline text editor to create an ACL.
This section describes the CLI method, which is recommended for creating
short ACLs. (To use the offline method, refer to “Creating or Editing ACLs
Offline” on page 10-107.)
General ACE Rules
These rules apply to all IPv4 ACEs you create or edit using the CLI:
■
Inserting or adding an ACE to an ACL:
•
Named IPv4 ACLs:
Add an ACE to the end of a named ACE by using
the
ip access-list
command to enter the Named ACL (
nacl
) context
and entering the ACE without the sequence number. For example, if
you wanted to add a “permit” ACL at the end of a list named “List-1”
to allow traffic from the device at 10.10.10.100:
HP Switch(config)# ip access-list standard List-1
HP Switch(config-std-nacl)# permit host
10.10.10.100
Insert an ACE anywhere in a named ACL by specifying a sequence
number. For example, if you wanted to insert a new ACE as line 15
between lines 10 and 20 in an existing ACL named “List-2” to deny
IPv4 traffic from the device at 10.10.10.77:
HP Switch(config)# ip access-list standard List-2
HP Switch(config-std-nacl)# 15 deny host
10.10.10.77
•
Numbered IPv4 ACLs:
Add an ACE to the end of a numbered ACL
by using the
access-list < 1 - 99 | 100 - 199 >
command. For example, if
you wanted to add a “permit” ACE at the end of a list identified with
the number “11” to allow IPv4 traffic from the device at 10.10.10.100:
HP Switch(config)# access-list 11 permit host
10.10.10.100
Command
Page
access-list (standard ACLs)
access-list (extended ACLs)
Содержание E3800 Series
Страница 1: ...HP Switch Software E3800 switches Software version KA 15 03 September 2011 Access Security Guide ...
Страница 2: ......
Страница 3: ...HP Networking E3800 Switches Access Security Guide September 2011 KA 15 03 ...
Страница 30: ...xxviii ...
Страница 86: ...2 36 Configuring Username and Password Security Password Recovery ...
Страница 186: ...4 72 Web and MAC Authentication Client Status ...
Страница 290: ...6 74 RADIUS Authentication Authorization and Accounting Dynamic Removal of Authentication Limits ...
Страница 364: ...8 32 Configuring Secure Shell SSH Messages Related to SSH Operation ...
Страница 510: ...10 130 IPv4 Access Control Lists ACLs General ACL Operating Notes ...
Страница 548: ...11 38 Configuring Advanced Threat Protection Using the Instrumentation Monitor ...
Страница 572: ...12 24 Traffic Security Filters and Monitors Configuring Traffic Security Filters ...
Страница 659: ...14 11 Configuring and Monitoring Port Security Port Security Figure 14 5 Examples of Show Mac Address Outputs ...
Страница 730: ...20 Index ...
Страница 731: ......