IPv4 Access Control Lists (ACLs)
Creating or Editing ACLs Offline
■ Deny all other IPv4 traffic from VLAN 20 to VLAN 10.
■ Deny all IPv4 traffic from VLAN 30 (10.10.30.0) to the server at 10.10.10.100 on VLAN 10 (without ACL logging), but allow any other IPv4 traffic from VLAN 30 to VLAN 10.
■ Deny all other inbound IPv4 traffic to VLAN 20. (Hint: The Implicit Deny can achieve this objective.)
1. You would create a .txt file with the content shown in figure 10-41.

    ip access-list extended LIST-20-IN
    ; CREATED ON JUNE 27
    10 remark "THIS ACE APPLIES INBOUND ON VLAN 20"
    10 permit tcp any host 10.10.20.98 eq http
    20 permit tcp any host 10.10.20.21 eq http
    30 deny tcp any 10.10.20.1/24 eq http
    ; VLAN 20 SOURCES TO VLAN 10 DESTINATIONS.
    40 deny tcp host 10.10.20.17 host 10.10.10.100 eq telnet log
    50 deny tcp host 10.10.20.23 host 10.10.10.100 eq telnet log
    60 deny tcp host 10.10.20.40 host 10.10.10.100 eq telnet log
    70 permit ip 10.10.20.1/24 host 10.10.10.100
    80 remark "VLAN 30 POLICY."
    80 deny ip 10.10.30.1/24 host 10.10.10.100
    90 permit ip 10.10.30.1/24 10.10.10.1/24
    exit
    vlan 20 ip access-group "LIST-20-IN" in

    The “;” enables a comment in the file.

Figure 10-40. Example of a .txt File Designed for Creating an ACL

2. After you copy the above .txt file to a TFTP server the switch can access, you would then execute the following command:

    copy tftp command-file 10.10.10.1 LIST-20-IN.txt pc
Note: You can use the “;” character to denote a comment. The file stored on your TFTP server retains comments, and they appear when you use copy to download the ACL command file. (Comments are not saved in the switch configuration.)
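
A pre-upload check for the command file above, as an added example that is not part of the HP guide: it parses the ACEs from the figure and evaluates sample packets by first match, falling through to the Implicit Deny, so each policy objective can be confirmed before the file is copied to the switch. The function names are hypothetical, and the parser assumes only the syntax this file uses (any, host, address/prefix, and "eq" on the destination port).

```python
import ipaddress
# ACL text copied from the figure on this page; everything else is example code.
ACL_TEXT = """\
ip access-list extended LIST-20-IN
; CREATED ON JUNE 27
10 remark "THIS ACE APPLIES INBOUND ON VLAN 20"
10 permit tcp any host 10.10.20.98 eq http
20 permit tcp any host 10.10.20.21 eq http
30 deny tcp any 10.10.20.1/24 eq http
; VLAN 20 SOURCES TO VLAN 10 DESTINATIONS.
40 deny tcp host 10.10.20.17 host 10.10.10.100 eq telnet log
50 deny tcp host 10.10.20.23 host 10.10.10.100 eq telnet log
60 deny tcp host 10.10.20.40 host 10.10.10.100 eq telnet log
70 permit ip 10.10.20.1/24 host 10.10.10.100
80 remark "VLAN 30 POLICY."
80 deny ip 10.10.30.1/24 host 10.10.10.100
90 permit ip 10.10.30.1/24 10.10.10.1/24
exit
"""
PORTS = {"http": 80, "telnet": 23}  # only the port names this file uses

def _addr(tok):
    """Read 'any', 'host A' or 'A/len'; return (network, tokens consumed)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), 1
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), 2
    return ipaddress.ip_network(tok[0], strict=False), 1  # host bits masked off

def parse(text):
    """Return ACEs as (seq, action, proto, src_net, dst_net, dst_port)."""
    aces = []
    for t in (line.split() for line in text.splitlines()):
        if len(t) < 3 or not t[0].isdigit() or t[1] not in ("permit", "deny"):
            continue  # ';' comments, remarks, the list header and 'exit'
        src, n = _addr(t[3:])
        dst, m = _addr(t[3 + n:])
        rest = t[3 + n + m:]
        port = PORTS[rest[1]] if rest[:1] == ["eq"] else None
        aces.append((int(t[0]), t[1], t[2], src, dst, port))
    return sorted(aces, key=lambda a: a[0])

def evaluate(aces, proto, src, dst, dport=None):
    """First matching ACE decides; no match falls through to the Implicit Deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for seq, action, p, snet, dnet, port in aces:
        if p in ("ip", proto) and s in snet and d in dnet and port in (None, dport):
            return action, seq
    return "deny", None
```

evaluate() returns the action and the sequence number of the ACE that decided it; a sequence number of None means the packet reached the Implicit Deny.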
HP Switch Software, E3800 switches, Software version KA 15 03, September 2011, Access Security Guide