HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 372
IPv4 Access Control Lists (ACLs)
Configuring and Assigning an ACL

Comparison Operator:

• eq < tcp/udp-port-nbr > - "Equal To"; to have a match with the ACE entry, the TCP or UDP source port number in a packet must be equal to < tcp/udp-port-nbr >.

Port Number or Well-Known Port Name: Use the TCP or UDP port number required by your application. The switch also accepts these well-known TCP or UDP port names as an alternative to their corresponding port numbers:

• TCP: bgp, dns, ftp, http, imap4, ldap, nntp, pop2, pop3, smtp, ssl, telnet
• UDP: bootpc, bootps, dns, ntp, radius, radius-old, rip, snmp, snmp-trap, tftp

To list the above names, press the [Shift] [?] key combination after entering an operator. For a comprehensive listing of port numbers, visit www.iana.org/assignments/port-numbers.

< any | host < dest-ip-addr > | ip-addr/mask-length >

In an extended ACL, this parameter defines the destination IP address (DA) that a packet must carry in order to have a match with the ACE. The options are the same as shown for < src-ip-addr >.

[< dest-port tcp/udp-id >]

In an extended ACL, this parameter defines the TCP or UDP destination port number a packet must carry in order to have a match with the extended ACE. The options are the same as shown above on the preceding page for the source IP address.

[ log ]

Optional; generates an ACL log message if:

• The action is deny. (This option is not configurable for Permit.)
• There is a match.
• ACL logging is enabled on the switch. (Refer to "Enabling ACL Logging on the Switch" on page 9-69.)

Syntax: interface < port-list > ip access-group < list-# | name-str > in

Assigns an ACL, designated by an ACL list number or ASCII string (alphanumeric list name), to an interface to filter inbound IP traffic on that interface. To configure named ACLs, refer to "Configuring a Named ACL" on page 9-51.
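The match and logging rules above can be checked offline with a small model. This is an added example, not code from the HP guide or the switch firmware: the dictionary layout and function names are hypothetical, the port numbers behind the well-known names are taken from the IANA assignments (the page lists the names only), and only the "eq" operator is modelled.

```python
import ipaddress

# Port names are the ones the page lists; the numbers are IANA assignments,
# added here as an assumption (the page gives names only).
TCP_NAMES = {"bgp": 179, "dns": 53, "ftp": 21, "http": 80, "imap4": 143,
             "ldap": 389, "nntp": 119, "pop2": 109, "pop3": 110, "smtp": 25,
             "ssl": 443, "telnet": 23}
UDP_NAMES = {"bootpc": 68, "bootps": 67, "dns": 53, "ntp": 123, "radius": 1812,
             "radius-old": 1645, "rip": 520, "snmp": 161, "snmp-trap": 162,
             "tftp": 69}

def resolve_port(proto, port):
    """Turn a port number or well-known name into an integer port."""
    if str(port).isdigit():
        number = int(port)
        if number > 65535:
            raise ValueError(f"port {number} out of range")
        return number
    names = TCP_NAMES if proto == "tcp" else UDP_NAMES
    if port not in names:
        raise ValueError(f"{port!r} is not a well-known {proto} port name")
    return names[port]

def addr_matches(spec, addr):
    """spec is 'any', 'host <ip-addr>' or '<ip-addr>/<mask-length>'."""
    if spec == "any":
        return True
    if spec.startswith("host "):
        return ipaddress.ip_address(spec[5:]) == ipaddress.ip_address(addr)
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def evaluate(ace, pkt, acl_logging_enabled):
    """Return (matched, log_message_generated) for one ACE and one packet."""
    matched = (ace["proto"] == pkt["proto"]
               and addr_matches(ace["src"], pkt["src"])
               and addr_matches(ace["dst"], pkt["dst"]))
    for field in ("sport", "dport"):          # only "eq" is modelled
        if matched and ace.get(field) is not None:
            matched = resolve_port(ace["proto"], ace[field]) == pkt[field]
    # All three conditions from the [ log ] description must hold.
    logged = bool(matched and ace["action"] == "deny"
                  and ace.get("log") and acl_logging_enabled)
    return matched, logged

# Constructed sample: deny Telnet to one host, with logging requested.
SAMPLE_ACE = {"action": "deny", "proto": "tcp", "src": "any",
              "dst": "host 10.10.10.5", "dport": "telnet", "log": True}
SAMPLE_PKT = {"proto": "tcp", "src": "10.0.0.9", "sport": 40000,
              "dst": "10.10.10.5", "dport": 23}
```

Calling evaluate(SAMPLE_ACE, SAMPLE_PKT, False) shows the case that is easy to miss when auditing a configuration: the deny ACE matches, but no log message is produced because ACL logging is not enabled on the switch.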