HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 368
Example of Configuring a Standard ACL To Deny Inbound Traffic from Specific IP Addresses
IPv4 Access Control Lists (ACLs)
Configuring and Assigning an ACL

In a situation opposite to the above, suppose that you wanted to deny inbound IP traffic received on port 20 from 10.128.93.17 and 10.130.93.25, but permit all other IP traffic on this VLAN. The next ACL achieves this:

    ProCurve Switch 2610-24(config)# access-list 60 deny host 10.128.93.17
    ProCurve Switch 2610-24(config)# access-list 60 deny host 10.28.93.25
    ProCurve Switch 2610-24(config)# access-list 60 permit any
    ProCurve Switch 2610-24(config)# interface 20 ip access-group 60 in
    ProCurve Switch 2610-24(config)# write mem
    ProCurve Switch 2610-24(config)# show config

    Startup configuration:

    ; J9085A Configuration Editor; Created on release #R.11.XX

    hostname "ProCurve Switch 2610-24"
    snmp-server contact "Allen Smith"
    snmp-server location "Building P"
    ip access-list standard "50"
       permit 10.128.100.10 0.0.0.0
       permit 10.128.100.27 0.0.0.0
       permit 10.128.80.14 0.0.0.0
       exit
    ip access-list standard "60"
       deny 10.128.93.17 0.0.0.0
       deny 10.28.93.25 0.0.0.0
       permit 0.0.0.0 255.255.255.255
       exit
    interface 10
       access-group "50" in
       exit
    interface 20
       access-group "60" in
       exit
    ip default-gateway 15.255.152.1
    snmp-server community "public" Unrestricted
    vlan 1
       name "DEFAULT_VLAN"
       untagged 1-28
       ip address dhcp-bootp
       exit

Callouts for the commands:

access-list 60 deny host 10.128.93.17: Denies IP traffic from the indicated IP address. Since, for this example, ACL 60 is a new list, this command also creates the ACL.

access-list 60 deny host 10.28.93.25: Denies IP traffic from the indicated IP address.

access-list 60 permit any: Permits IP traffic from all sources. (Traffic from the IP sources in the first two lines is already filtered and dropped.) The deny any with which the switch implicitly concludes all ACLs is preempted by this ACE (but is still present in the ACL).

show config: Show config lists any ACLs and ACL assignments configured in the startup config.

Callouts for the startup configuration:

ip access-list standard "50": ACL "50" from the preceding example.

ip access-list standard "60": ACL "60" is listed in the switch configuration.

interface 20, access-group "60" in: ACL "60" is assigned to filter inbound traffic on port 20.

Figure 9-14. Example of Configuring a Standard ACL To Deny Inbound Traffic from Specific IP Addresses