A SERVICE OF

logo

Open as PDF
next previous
o <ACL-IP-SPEC> - specify the source or destination IP addresses to
match. The following formats may be used to specify IP addresses:
* IP-ADDR MASK - match addresses dened by IP-ADDR using the bits
set to zero in MASK.
* IP-ADDR/MASK-LEN - the mask is one in which the high order MASK-LEN
bits are zeros, and the remaining bits are ones.
172.16.0.0/18 translates to 172.16.0.0 0.0.63.255
* host IP-ADDR - match a specic host; implies a mask of all zeros.
* any - match any IP address.
o log - log all matches.
o <ip|tcp|udp> - specify protocol on which to match packets.
o <ACL-PORT-SPEC> - for tcp or udp entries, specify the ports on which
to match. Port numbers may be specied as integers in the range
1-65535, or by using protocol names for certain well-known ports.
The following port specications may be used:
* eq <port> - match packets from (to) the specied port.
* neq <port> - match all packets except those from (to) the specied
port.
* lt <port> - match packets from (to) port numbers less than the
specied port.
* gt <port> - match packets from (to) port numbers greater than the
specied port.
* range <port> <port> - match packets from (to) port numbers between
the rst and second ports, inclusive. The rst port
specied must be less than the second port specied.
The following well-known ports may be referred to by name:
TCP: bgp, dns, ftp, http, imap4, ldap, nntp, pop2, pop3, smtp,
ssl, telnet
UDP: bootpc, bootps, dns, ntp, radius, radius-old, rip, snmp,
snmp-trap, tftp
OVERVIEW FOR IPV6 ACLS
Category:
configPrimary context:
Related Commands
Note: This information is preliminary; the nal detailed command list is coming soon.
Usage for IPv6 ACL Commands
Create an IPv6 ACL or add an ACE to the end of an existing IPv6 ACL:
ProCurve(cong)# ipv6 access-list <name-str>
ProCurve(cong-ipv6-acl)# <deny|permit>
<ipv6|esp|ah|sctp|ipv6-protocol-nbr>
<any|host <SA>|SA/<prex-length>>
<any|host <DA>|DA/<prex-length>>
<tcp|upd>
<any|host <SA>|SA/<prex-length>>
[comparison-operator <value>]
60© 2009 Hewlett-Packard Development Company, L.P.
access-listCommand Line Interface Reference Guide