10-49
IPv4 Access Control Lists (ACLs)
Configuring and Assigning an IPv4 ACL
To insert an ACE anywhere in a numbered ACL, use the same process
as described above for inserting an ACE anywhere in a named ACL.
For example, to insert an ACE denying IPv4 traffic from the host at
10.10.10.77 as line 52 in an existing ACL identified (named) with the
number 11:
HP Switch(config)# ip access-list standard 99
HP Switch(config-std-nacl)# 52 deny host
10.10.10.77
Note After a numbered ACL has been created (using access-list < 1 - 99 | 100 - 199 >),
it can be managed as either a named or numbered ACL, as shown above.
■ Deleting an ACE: Enter the ACL context and delete the sequence
number for the unwanted ACE. (To view the sequence numbers of the
ACEs in a list, use show access-list < acl-name-str > config.)
■ Duplicate ACEs are not allowed in the same ACL. Attempting to enter
a duplicate ACE displays the Duplicate access control entry message.
Using CIDR Notation To Enter the IPv4 ACL Mask
You can use CIDR (Classless Inter-Domain Routing) notation to enter ACL
masks. The switch interprets the bits specified with CIDR notation as the
address bits in an ACL and the corresponding address bits in a packet that
must match. The switch then converts the mask to inverse notation for ACL
use.
Table 10-6. Examples of CIDR Notation for Masks
Address Used In an ACL
with CIDR Notation
Resulting ACL Mask Meaning
10.38.240.125/15 0.1.255.255 The leftmost 15 bits must match; the
remaining bits are wildcards.
10.38.240.125/20 0.0.15.255 The leftmost 20 bits must match; the
remaining bits are wildcards.
10.38.240.125/21 0.0.7.255 The leftmost 21 bits must match; the
remaining bits are wildcards.
10.38.240.125/24 0.0.0.255 The leftmost 24 bits must match; the
remaining bits are wildcards.
18.38.240.125/32 0.0.0.0 All bits must match.
To Next Page
Loading...
Need help?
General