Chapter 3
Using Access Control Lists (ACLs)
Access control lists (ACLs) enable you to permit or deny packets based on source and destination IP address,
IP protocol information, or TCP or UDP protocol information. You can configure the following types of ACLs:
• Standard – Permits or denies packets based on source IP address. Valid standard ACL IDs are 1 – 99 or a
string.
• Extended – Permits or denies packets based on source and destination IP address and also based on IP
protocol information. Valid extended ACL IDs are a number from 100 – 199 or a string.
This chapter also describes Policy-Based Routing (PBR), a feature that allows you to use ACLs and route maps to
selectively modify and route IP packets based on their source IP address.
NOTE: This chapter describes IP forwarding ACLs and management access ACLs only. For information about
ACLs used for BGP4 filtering, see
“Configuring BGP4” on page 10-1.
NOTE: For optimal performance, apply deny ACLs to inbound ports instead of outbound ports. This way, traffic
is dropped as it tries to enter the HP device, instead of being dropped after it has been forwarded internally to the
outbound port.
NOTE: Outbound ACLs do not filter broadcast traffic or any traffic (including ICMP replies) generated by the HP
device itself.
Overview
The following section describes ACLs. To configure ACLs, go to the following sections:
• “Disabling or Re-Enabling Access Control Lists (ACLs)” on page 3-4
• “Configuring Standard ACLs” on page 3-5
• “Configuring Extended ACLs” on page 3-9
• “Configuring Named ACLs” on page 3-18
• “Modifying ACLs” on page 3-19
• “Applying an ACL to a Subset of Ports on a Virtual Interface” on page 3-21
• “Enabling Strict TCP or UDP Mode” on page 3-21
• “Displaying ACLs” on page 3-23
3 - 1
