Quality of Service

ACL configuration examples

Configure Access Control Lists (CLI example)

The following configuration examples illustrate how to use Access Control Lists (ACLs) to block traffic. These basic configurations illustrate common principles of ACL filtering.

NOTE: Each ACL filters traffic that ingresses on the port to which the ACL is added. The egrport classifier filters traffic that ingresses the port to which the ACL is added, and then egresses the port specified by egrport. In most common configurations, egrport is not used.

Example 1 Use this configuration to block traffic to a specific host.

>> Main# /cfg/acl/acl

255

(Define ACL 255)

>> ACL 255# ipv4/dip 100.10.1.116 255.255.255.255

 

>> Filtering IPv4# ..

 

 

>> ACL 255# action deny

 

>> ACL 255# /cfg/port 20/aclqos

(Add ACL to port 20)

>> Port 20

ACL# add acl 255

 

>> Port 20

ACL# apply

 

 

>> Port 20

ACL# save

 

 

In this example, all traffic that ingresses on port 20 is denied if it is destined for the host at IP address 100.10.1.116.

Example 2 Use this configuration to block traffic from a network destined for a specific host address.

>> Main# /cfg/acl/acl 256

(Define ACL 256)

>> ACL 256# ipv4/sip 100.10.1.0 255.255.255.0

 

>> ACL 256# ipv4/dip 200.20.1.116 255.255.255.255

 

>> Filtering IPv4# ..

 

>> ACL 256# action deny

 

>> ACL 256# /cfg/port 20/aclqos

(Add ACL to port 20)

>> Port 20

ACL# add acl 256

 

>> Port 20

ACL# apply

 

>> Port 20

ACL# save

 

In this example, all traffic that ingresses on port 20 with source IP from the class 100.10.1.0/24 and destination IP 200.20.1.116 is denied.

92

Page 92
Image 92
HP 445946-001 manual ACL configuration examples, Configure Access Control Lists CLI example