Command Reference Guide

Tunnel Configuration Command Set

 

 

ip access-group <listname> [in | out]

Use the ip access-group command to create an access list to be used for packets transmitted on or received from the specified interface. Use the no form of this command to disable this type of control.

Syntax Description

<listname>

Assigns an IP access list name.

in

Enables access control on packets received on the specified interface.

out

Enables access control on packets transmitted on the specified interface.

Default Values

By default, these commands are disabled.

Command Modes

(config-interface)#

Interface Configuration Mode

Valid interfaces include: Ethernet (eth 0/1), PPP virtual interfaces (ppp 1), HDLC virtual interfaces (hdlc 1), Frame Relay virtual sub-interfaces (fr 1.20), tunnel interfaces (tunnel 1), and VLAN interface (vlan 1).

Functional Notes

When this command is enabled, the IP destination address of each packet must be validated before being passed through. If the packet is not acceptable per these settings, it is dropped.

Usage Examples

The following example sets up the unit to only allow Telnet traffic (as defined in the user-configured TelnetOnly IP access list) into the tunnel interface:

(config)#ip access-list extended TelnetOnly
(config-ext-nacl)#permit tcp any any eq telnet
(config-ext-nacl)#interface tunnel 1
(config-tunnel 1)#ip access-group TelnetOnly in
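The following Python script is an added example, not part of the HP manual: it audits a saved configuration listing for ip access-group bindings that name an access list never defined in the listing, and for interfaces with no inbound list applied. The configuration text is constructed, and its layout (top-level interface lines with indented sub-commands, "!" separators), the WebOnly list name and the function name are assumptions.

```python
import re

# Constructed sample configuration, not taken from a real device.
# Assumption: sub-commands are indented under their "interface" line.
SAMPLE_CONFIG = """\
ip access-list extended TelnetOnly
 permit tcp any any eq telnet
!
interface tunnel 1
 ip access-group TelnetOnly in
!
interface eth 0/1
 ip access-group WebOnly in
 ip access-group TelnetOnly out
!
interface ppp 1
"""

ACL_DEF = re.compile(r"^ip access-list \S+ (\S+)\s*$")
IFACE = re.compile(r"^interface (.+?)\s*$")
BINDING = re.compile(r"^\s+ip access-group (\S+) (in|out)\s*$")

def audit_access_groups(config_text):
    """Return (bindings, undefined, no_inbound) for a configuration listing."""
    defined, bindings, interfaces = set(), [], []
    current = None  # interface block currently being read
    for line in config_text.splitlines():
        if m := ACL_DEF.match(line):
            defined.add(m.group(1))
            current = None
        elif m := IFACE.match(line):
            current = m.group(1)
            interfaces.append(current)
        elif (m := BINDING.match(line)) and current:
            bindings.append((current, m.group(1), m.group(2)))
        elif line and not line[0].isspace():
            current = None  # any other top-level line ends the interface block
    # Bindings whose list name has no matching "ip access-list" definition.
    undefined = [b for b in bindings if b[1] not in defined]
    # Interfaces that never apply a list in the "in" direction.
    filtered_in = {iface for iface, _, direction in bindings if direction == "in"}
    no_inbound = [i for i in interfaces if i not in filtered_in]
    return bindings, undefined, no_inbound

if __name__ == "__main__":
    _, undefined, no_inbound = audit_access_groups(SAMPLE_CONFIG)
    for iface, acl, direction in undefined:
        print(f"{iface}: access-group {acl} ({direction}) names an undefined list")
    for iface in no_inbound:
        print(f"{iface}: no inbound access-group applied")
```

Both findings are review items rather than errors: an interface may be left unfiltered on purpose, and a list may be defined elsewhere than in the listing being audited.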

5991-2114

© Copyright 2005 Hewlett-Packard Development Company, L.P.
