Command Line Interface Reference Guide

access-list

 

 

o <ACL-IP-SPEC> - specify the source or destination IP addresses to match. The following formats may be used to specify IP addresses:

*IP-ADDR MASK - match addresses that agree with IP-ADDR in every bit position where MASK is zero; bit positions set to one in MASK are ignored.

*IP-ADDR/MASK-LEN - the mask is one in which the high order MASK-LEN bits are zeros, and the remaining bits are ones. For example, 172.16.0.0/18 translates to 172.16.0.0 0.0.63.255

*host IP-ADDR - match a specific host; implies a mask of all zeros.

*any - match any IP address.

o log - log all matches.

o <ip|tcp|udp> - specify protocol on which to match packets.

o <ACL-PORT-SPEC> - for tcp or udp entries, specify the ports on which to match. Port numbers may be specified as integers in the range 1-65535, or by using protocol names for certain well-known ports. The following port specifications may be used:

*eq <port> - match packets from (to) the specified port.

*neq <port> - match all packets except those from (to) the specified port.

*lt <port> - match packets from (to) port numbers less than the specified port.

*gt <port> - match packets from (to) port numbers greater than the specified port.

*range <port> <port> - match packets from (to) port numbers between the first and second ports, inclusive. The first port specified must be less than the second port specified.

The following well-known ports may be referred to by name:

TCP: bgp, dns, ftp, http, imap4, ldap, nntp, pop2, pop3, smtp, ssl, telnet

UDP: bootpc, bootps, dns, ntp, radius, radius-old, rip, snmp, snmp-trap, tftp
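
The matching rules above for <ACL-IP-SPEC> and <ACL-PORT-SPEC> can be checked offline when auditing an ACL. The following Python sketch is an added example, not part of the original guide or the switch software; the function names are hypothetical, and it handles numeric ports only, not the well-known port names.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def parse_ip_spec(spec):
    """Return (address, wildcard mask) as ints for one <ACL-IP-SPEC> string."""
    tokens = spec.split()
    if tokens == ["any"]:
        return 0, ALL_ONES                       # every bit ignored
    if len(tokens) == 2 and tokens[0] == "host":
        return int(ipaddress.IPv4Address(tokens[1])), 0   # mask of all zeros
    if len(tokens) == 1 and "/" in tokens[0]:
        addr, mask_len = tokens[0].split("/")
        mask_len = int(mask_len)
        if not 0 <= mask_len <= 32:
            raise ValueError("MASK-LEN must be 0-32")
        # High-order MASK-LEN bits are zeros, the remaining bits are ones.
        return int(ipaddress.IPv4Address(addr)), (1 << (32 - mask_len)) - 1
    if len(tokens) == 2:                         # IP-ADDR MASK form
        return (int(ipaddress.IPv4Address(tokens[0])),
                int(ipaddress.IPv4Address(tokens[1])))
    raise ValueError("unrecognised ACL-IP-SPEC: %r" % spec)

def wildcard_str(spec):
    """Dotted-decimal mask implied by the spec, e.g. for a /MASK-LEN entry."""
    return str(ipaddress.IPv4Address(parse_ip_spec(spec)[1]))

def ip_matches(spec, candidate):
    """True if candidate agrees with the spec in every zero-bit of the mask."""
    addr, wildcard = parse_ip_spec(spec)
    care = ~wildcard & ALL_ONES
    return (int(ipaddress.IPv4Address(candidate)) & care) == (addr & care)

def port_matches(spec, port):
    """Evaluate eq / neq / lt / gt / range against a numeric port."""
    op, *args = spec.split()
    vals = [int(a) for a in args]
    if any(not 1 <= v <= 65535 for v in vals):
        raise ValueError("ports must be in the range 1-65535")
    if op == "range" and len(vals) == 2:
        if vals[0] >= vals[1]:
            raise ValueError("first port must be less than second port")
        return vals[0] <= port <= vals[1]        # inclusive at both ends
    if len(vals) != 1:
        raise ValueError("unrecognised ACL-PORT-SPEC: %r" % spec)
    if op == "eq":
        return port == vals[0]
    if op == "neq":
        return port != vals[0]
    if op == "lt":
        return port < vals[0]
    if op == "gt":
        return port > vals[0]
    raise ValueError("unrecognised ACL-PORT-SPEC: %r" % spec)
```
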

OVERVIEW FOR IPV6 ACLS

Category:

Primary context: config

Related Commands

Note: This information is preliminary; the final detailed command list is coming soon.

Usage for IPv6 ACL Commands

Create an IPv6 ACL or add an ACE to the end of an existing IPv6 ACL:

ProCurve(config)# ipv6 access-list <name-str>
ProCurve(config-ipv6-acl)# <deny|permit>
    <ipv6|esp|ah|sctp|ipv6-protocol-nbr> <any|host <SA>|SA/<prefix-length>> <any|host <DA>|DA/<prefix-length>>
    <tcp|udp>
    <any|host <SA>|SA/<prefix-length>> [comparison-operator <value>]

© 2009 Hewlett-Packard Development Company, L.P.
