Configuration Commands

Access Control configuration

Use these commands to create Access Control Lists (ACLs) and ACL Groups. ACLs define matching criteria used for IP filtering and Quality of Service functions.

Access Control List configuration

These commands allow you to define filtering criteria for each Access Control List (ACL). The following table describes the basic ACL Configuration commands.

Table 155 ACL Configuration commands

Command: [no] access-control list <1-384> egress-port <port number>
Description: Configures the ACL to function on egress packets. The egress port ACL will not match a Layer 2 broadcast or multicast packet. The egress port ACL will not match packets if the destination port is a trunk.
Command mode: Global configuration

Command: access-control list <1-384> action {permit|deny|set-priority <0-7>}
Description: Configures a filter action for packets that match the ACL definitions. You can choose to permit (pass) or deny (drop) packets, or set the Class of Service queue that handles the packets.
Command mode: Global configuration

Command: access-control list <1-384> statistics
Description: Enables or disables the statistics collection for the Access Control List.
Command mode: Global configuration

Command: default access-control list <1-384>
Description: Resets the ACL parameters to their default values.
Command mode: Global configuration

Command: show access-control list <1-384>
Description: Displays the current ACL parameters.
Command mode: All except User EXEC

ACL Ethernet Filter configuration

These commands allow you to define Ethernet matching criteria for an ACL. The following table describes the Ethernet Filter Configuration commands.

Table 156 Ethernet Filter Configuration commands

Command: access-control list <1-384> ethernet source-mac-address <MAC address> {<MAC mask>}
Description: Defines the source MAC address and MAC mask for this ACL. For example: 00:60:cf:40:56:00 ff:ff:ff:ff:ff:fc
Command mode: Global configuration

Command: access-control list <1-384> ethernet destination-mac-address <MAC address> {<MAC mask>}
Description: Defines the destination MAC address and MAC mask for this ACL. For example: 00:60:cf:40:56:00 ff:ff:ff:ff:ff:fc
Command mode: Global configuration

Command: access-control list <1-384> ethernet vlan <1-4095> <mask>
Description: Defines a VLAN number and mask for this ACL.
Command mode: Global configuration
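
The following Python sketch is an added example, not part of the original command reference or the switch software. It shows which addresses the MAC address and mask pair from Table 156 covers, and models the egress-port caveat from Table 155. It assumes that a mask bit of 1 means the bit is compared and a mask bit of 0 means it is ignored; all function names are hypothetical.

```python
import re

# Added illustration, not vendor code. Assumption: a mask bit of 1 means
# "compare this bit" and a mask bit of 0 means "ignore this bit".
_MAC_RE = re.compile(r"(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}")

def mac_to_int(mac):
    """Parse aa:bb:cc:dd:ee:ff into a 48-bit integer, rejecting malformed input."""
    if not _MAC_RE.fullmatch(mac):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return int(mac.replace(":", ""), 16)

def int_to_mac(value):
    return ":".join(f"{(value >> shift) & 0xFF:02x}" for shift in range(40, -8, -8))

def mac_matches(packet_mac, acl_mac, acl_mask):
    """True when the packet MAC equals the ACL MAC on every bit the mask selects."""
    mask = mac_to_int(acl_mask)
    return (mac_to_int(packet_mac) & mask) == (mac_to_int(acl_mac) & mask)

def covered_macs(acl_mac, acl_mask, limit=4096):
    """List every MAC the filter matches, to review how wide an ACL really is."""
    mask = mac_to_int(acl_mask)
    free_bits = [b for b in range(48) if not (mask >> b) & 1]
    if 2 ** len(free_bits) > limit:
        raise ValueError(f"mask leaves {len(free_bits)} bits open; too many to list")
    base = mac_to_int(acl_mac) & mask
    covered = []
    for combo in range(2 ** len(free_bits)):
        value = base
        for i, bit in enumerate(free_bits):
            if (combo >> i) & 1:
                value |= 1 << bit
        covered.append(int_to_mac(value))
    return sorted(covered)

def is_group_address(mac):
    """Layer 2 broadcast and multicast frames have the I/G bit set in the first octet."""
    return bool((mac_to_int(mac) >> 40) & 1)

def egress_acl_applies(dst_mac, dst_port_is_trunk):
    """Caveat from Table 155: an egress-port ACL does not match Layer 2
    broadcast/multicast packets, or packets whose destination port is a trunk."""
    return not is_group_address(dst_mac) and not dst_port_is_trunk

if __name__ == "__main__":
    # The address/mask pair is the example given in Table 156.
    for mac in covered_macs("00:60:cf:40:56:00", "ff:ff:ff:ff:ff:fc"):
        print(mac)
```

Under the stated mask assumption, the documented example pair covers four addresses (last octet 00 through 03). A deny action bound with egress-port leaves broadcast, multicast, and trunk-bound traffic unfiltered, so such traffic needs a different control.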

 

 

 

 
