Types Of Acls; Acl Configuration Structure - HP ProCurve 5300xl Series Management Manual

Access Control Lists (ACLs) for the Series 5300xl Switches
Configuring and Assigning an ACL
9-26

Types of ACLs

Standard ACL: Uses only a packet's source IP address as a criterion
■
for permitting or denying the packet. For a standard ACL ID, use either
a unique numeric string in the range of 1-99 or a unique name string
of up to 64 alphanumeric characters.
Extended ACL: Offers the following criteria as options for permit­
■
ting or denying a packet:
• Source IP address
• Destination IP address
• TCP or UDP criteria
For an extended ACL ID, use either a unique number in the range of 100-
199 or a unique name string of up to 64 alphanumeric characters.
You should carefully plan your ACL application before configuring specific
ACLs. For more on this topic, refer to "Planning an ACL Application" on page
9-16.

ACL Configuration Structure

After you enter an ACL command, you may want to inspect the resulting
configuration. This is especially true where you are entering multiple ACEs
into an ACL. Also, it will be helpful to understand the configuration structure
when using later sections in this chapter.
The basic ACL structure includes three elements:
1. List type and name: This identifies the ACL as standard or extended and
shows the ACL name.
2. One or more deny/permit list entries (ACEs): One entry per line.
Element
ID Range
Minimum ACEs per ACL
Maximum ACEs Per ACL
and per Switch
3. Implicit deny any: Where an ACL is in use, the switch denies any packets
that do not have a match with the ACEs explicitly configured in the ACL.
The implicit deny any does not appear in ACL configuration listings, but
Stnd Ext Notes
1 - 99 100 - 199 You can also use an alphanumeric name
of up to 64 characters, including spaces.
1
1024 The switch allows a total of 1024 ACEs
across all ACLs.