
IPv4 Access Control Lists (ACLs)
Configuring Standard ACLs
A standard ACL uses only source IPv4 addresses in its ACEs. This type of ACE
is useful when you need to:
■ Permit or deny any IPv4 traffic based on source address only.
■ Quickly control the IPv4 traffic from a specific address. This allows
you to isolate IPv4 traffic problems generated by a specific device,
group of devices, or a subnet threatening to degrade network
performance. This gives you an opportunity to troubleshoot without
sacrificing performance for users outside of the problem area.
A named, standard ACL is identified by an alphanumeric string of up to 64
characters and is created by entering the Named ACL (nacl) context. A
numbered, standard ACL is identified by a number in the range of 1 - 99 and
is created without having to leave the global config context. Note that the CLI
command syntax for creating a named ACL differs from the command syntax
for creating a numbered ACL. For example, the first pair of entries below
illustrates how to create (or enter) a named, standard ACL and enter an ACE.
The next entry illustrates creating a numbered, standard ACL with the same
ACE.

ProCurve(config)# ip access-list standard Test-List
ProCurve(config-std-nacl)# permit host 10.10.10.147

ProCurve(config)# access-list 1 permit host 10.10.10.147

Note that once a numbered ACL has been created, it can be accessed using
the named ACL method. This is useful if it becomes necessary to edit a
numbered ACL by inserting or removing individual ACEs. (Inserting or
deleting an ACE is done by sequence number, and requires the Named ACL (nacl)
context.) The switch allows a maximum of 512 unique ACL identities. (For
more on this topic, refer to “Monitoring Shared Resources” on page 9-100.)
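
The following is an added example, not part of the original manual or any ProCurve tooling. It is an offline check for a change script before it is pasted into a switch: it groups ACEs by ACL identity, treats a numbered ACL reopened through the named method as the same ACL, and applies the limits stated above (names up to 64 characters, numbers 1 - 99, 512 identities). The function names, the prompt pattern, and the "deny host 10.10.10.150" line are assumptions made for the example, and only the command forms shown on this page are recognized.

```python
import re

MAX_NAME_LEN, STD_NUMBERS, MAX_ACL_IDS = 64, range(1, 100), 512  # limits from this page
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # e.g. "ProCurve(config-std-nacl)# "
NAMED = re.compile(r"^ip access-list standard (\S+)$")
NUMBERED = re.compile(r"^access-list (\d+) ((?:permit|deny) .+)$")
ACE = re.compile(r"^(?:permit|deny) .+$")

def id_problem(acl_id):
    """Return '' if the identifier fits the page's limits, else a description."""
    if acl_id.isdigit():
        return "" if int(acl_id) in STD_NUMBERS else f"{acl_id}: numbered standard ACLs use 1 - 99"
    return "" if len(acl_id) <= MAX_NAME_LEN else f"{acl_id[:12]}...: name longer than {MAX_NAME_LEN}"

def parse_standard_acls(lines):
    """Group ACEs by ACL identity and return (acls, problems)."""
    acls, problems, context = {}, [], None
    for raw in lines:
        line = " ".join(PROMPT.sub("", raw.strip()).split())
        named, numbered = NAMED.match(line), NUMBERED.match(line)
        if named or numbered:
            acl_id, context = (named or numbered).group(1), None
            if problem := id_problem(acl_id):
                problems.append(problem)
                continue
            acls.setdefault(acl_id, [])
            if numbered:  # one-line form carries its ACE and opens no context
                acls[acl_id].append(numbered.group(2))
            else:         # named form: the ACEs that follow belong to this ACL
                context = acl_id
        elif ACE.match(line):
            if context is None:
                problems.append(f"ACE outside an ACL context: {line}")
            else:
                acls[context].append(line)
    if len(acls) > MAX_ACL_IDS:
        problems.append(f"{len(acls)} ACL identities exceed the limit of {MAX_ACL_IDS}")
    return acls, problems

# Constructed session: the page's three commands, then ACL 1 reopened by the named method.
SESSION = [
    "ProCurve(config)# ip access-list standard Test-List",
    "ProCurve(config-std-nacl)# permit host 10.10.10.147",
    "ProCurve(config)# access-list 1 permit host 10.10.10.147",
    "ProCurve(config)# ip access-list standard 1",
    "ProCurve(config-std-nacl)# deny host 10.10.10.150",
    "ProCurve(config)# access-list 100 permit host 10.10.10.147",
]
```

Calling parse_standard_acls(SESSION) returns both ACLs with their ACEs in entry order and reports the out-of-range number 100 as a problem instead of creating an ACL for it.
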
Note: For a summary of standard ACL commands, refer to table 9-6 on page 9-44.
For a summary of all IPv4 ACL commands, refer to tables 9-1 and 9-2 on pages
9-6 and 9-8.
9-45