HP ProCurve 5300xl Series Management Manual page 370
Advanced traffic
Hide thumbs
Also See for ProCurve 5300xl Series:
- Access security manual (292 pages) ,
- Specification sheet (12 pages) ,
- Management and configuration manual (508 pages)
Table of Contents
Advertisement
Access Control Lists (ACLs) for the Series 5300xl Switches
Planning an ACL Application
Table 9-3.
Example of Using an IP Address and Mask in an Access Control Entry
IP Address in the ACE
A: 18.38.252.195
0.0.0.255
B: 18.38.252.195
0.0.7.255
C: 18.38.252.195
0.0.0.0
D: 18.38.252.195
0.15.255.255 Exact match in the first octet
9-24
Examples Allowing Multiple IP Addresses. Table 9-3 provides examples
of how to apply masks to meet various filtering requirements.
Mask
Policy for a Match Between a
Packet and the ACE
Exact match in first three
octets only.
Exact match in the first two
octets and the leftmost five bits
(248) of the third octet.
Exact match in all octets.
and the leftmost four bits of the
second octet.
Table 9-4.
Mask Effect on Selected Octets of the IP Addresses in Table 9-3
IP
Octet
Mask
Addr
A
3
0
all bits
B
3
7
last 3 bits
C
4
0
all bits
D
2
15
last 4 bits
Shaded areas indicate bit settings that must be an exact match.
If there is a match between the policy in the ACE and the IP address in a packet,
then the packet is either permitted or denied, according to how the ACE is
configured. If there is not a match, the next ACE in the ACL is then applied to
the packet. The same operation applies to a destination IP address (DA) used
in an extended ACE. (Where an ACE includes both source and destination IP
addresses, there is one IP-address/ACL-mask pair for the source address, and
another IP-address/ACL-mask pair for the destination address. See "Configur
ing and Assigning an ACL" on page 9-25.)
CIDR Notation. For information on using CIDR notation to specify ACL
masks, refer to "Using CIDR Notation To Enter the ACL Mask" on page 9-32.
Allowed IP Addresses
18.38.252.< 0-255 >
(See row A in table 9-4, below.)
18.38.< 248-255 >.< 0-255 >
(In the third octet, only the rightmost three bits are
wildcard bits. The leftmost five bits must be a
match, and in the ACE, these bits are all set to 1. See
row B in table 9-4, below.)
18.38.252.195
(There are no wildcard bits in any of the octets. See
row C in table 9-4, below.)
18.< 32-47 >.< 0-255 >.<0-255>
(In the second octet, the rightmost four bits are
wildcard bits. See row D in table 9-4, below.)
Octet
128
64
32
Range
252
1
1
1
248-255
1
1
1
195
1
1
0
32-47
0
0
1
16
8
4
2
1
1
1
0
1
1
0 or 1 0 or 1 0 or 1
0
0
0
1
0
0 or 1 0 or 1
0 or 1 0 or 1
1
0
1
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
