How do I make this ACL on an HP Procurve?

I have an HP Procurve switch that I want to set up an ACL on. I have a host on my network that I want to restrict the access to. Say it's 10.10.47.10. I want to block ALL traffic except for a short list of IPs which I want to have un-restricted access to that host. The IPs are not contigious so I can't use a range. I'd need to be able to enter them one at a time. Which is possible though tedious I believe. It's only about 5-6 IPs that need access to this host though. So in short I need an ACL to specifically allow these 5-6 IPs full access, and then a corresponding Deny All for everything else. This will all be applied to a specific port not globally. Any ideas?
CCB-TechAsked:
Who is Participating?
 
Don JohnstonInstructorCommented:
You don't state if the 5-6 hosts are the same vlan or a different vlan.

EIther way, ACL statements would be similar enough.

conf t
ip access-list Homer
 10 permit ip 10.10.47.10 0.0.0.0 10.10.47.5 0.0.0.0 
 20 permit ip 10.10.47.10 0.0.0.0 10.10.47.51 0.0.0.0
 30 permit ip 10.10.47.10 0.0.0.0 10.10.47.75 0.0.0.0
int b10
 ip access-group Homer in
end
write mem

Open in new window

0
 
CCB-TechAuthor Commented:
The problem with that guide is that I have an HP 5406zl. It does not have a gui for configuration of ACLs. At least not through the web interface. So I need to be able to do it from command line.
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
CCB-TechAuthor Commented:
Excellent Don! That is very helpful. All the IP's to be blocked are on the same VLAN. So the first half of the Permit IP is the target IP, and the second is the allowed IP correct? Also, would this be the block command that would be at the end?

40 deny ip any any

Does that look correct?

Thanks!
0
 
Don JohnstonInstructorCommented:
The first address is the source IP address, the second is the destination.

Your line 40 not needed as there is an "implicit deny any" at the end of every ACL.
0
 
CCB-TechAuthor Commented:
Excellent, thank you very much for your help. Expect to see a few more of these type questions in the future :). I had forgotten about the implicit deny at the end. I just tested it out and it works a treat!

Thanks for all your help dude!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.