This section describes how to upload a command file to the switch and execute it to configure or replace an ACL in the switch configuration. Such files should contain only access control entry (ACE) commands. For more on this general topic, including an example of an ACL command file created offline, see the section "Editing ACLs and Creating an ACL Offline" in the "Access Control Lists (ACLs)" chapter of the latest Access Security Guide for your switch.
Syntax:
Copies the named text file from the specified TFTP server address and executes the ACL commands in the file.
<ip-addr>
The IP address of a TFTP server available to the switch.

<filename.txt>
A text file containing ACL commands and stored in the TFTP directory of the server identified by ip-addr.

<unix | pc>
The type of workstation used for serial, Telnet, or SSH access to the switch CLI.

Depending on the ACL commands used, this action does one of the following in the running-config file:
Example:
Using a PC workstation, you then execute the following from the CLI to upload the file to the switch and implement the ACL commands it contains:
    HP Switch(config)# copy tftp command-file 18.38.124.16 vlan10_in.txt pc

The switch displays this message:

    Running configuration may change, do you want to continue [y/n]?

To continue with the upload, press the [Y] key. To abort the upload, press the [N] key. Note that if the switch detects an illegal (non-ACL) command in the file, it bypasses the illegal command, displays a notice (as shown in "Using the copy command to download and configure an ACL"), and continues to implement the remaining ACL commands in the file.
Using the copy command to download and configure an ACL

    HP Switch(config)# copy tftp command-file 10.38.124.18 vlan10_in.txt pc
    Running configuration may change, do you want to continue [y/n]? y
    1. ip access-list extended "155"
    2. deny tcp 0.0.0.0 255.255.255.255 10.10.10.2 0.0.0.0 eq 23 log
    3. permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
    4. show running
    Command files are limited to access-list commands.
    5. exit
    Switch(config)# show running
    Running configuration:
    ; J9091A Configuration Editor; Created on release #W.15.05.0000x
    ; Ver #01:01:00
    hostname "HP Switch"
    cdp run
    ip default-gateway 10.38.248.1
    logging 10.38.227.2
    snmp-server community "public" unrestricted
    ip access-list extended "155"
    deny tcp 0.0.0.0 255.255.255.255 10.10.10.2 0.0.0.0 eq 23 log
    permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
    exit
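
An added example, not part of the HP documentation: a Python check run on the workstation that lists the command-file lines the switch would bypass and, given a later show running capture, names the ACLs whose entries differ from the file. The set of accepted command forms is an assumption limited to the forms visible in the figure above, and the sample inputs are constructed from that figure.

```python
import re

# Assumption: only the command forms visible in the figure count as ACL commands.
ACL_START = re.compile(r'^ip access-list (?:standard|extended) "?([^"\s]+)"?$')
ACE = re.compile(r'^(?:permit|deny)\s+\S')

def parse_acls(text):
    """Return (acls, other): ACEs grouped by ACL name, plus every (line_no, line)
    that is not an ACL command or is an ACE outside an ACL context."""
    acls, other, current = {}, [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = " ".join(raw.split())      # normalise indentation and spacing
        if not line:
            continue
        m = ACL_START.match(line)
        if m:
            current = acls.setdefault(m.group(1), [])
        elif line == "exit":
            current = None
        elif ACE.match(line) and current is not None:
            current.append(line)
        else:
            other.append((n, line))
    return acls, other

def verify(command_file, running_config):
    """Lint the file, then name ACLs whose ACEs in running-config differ from it."""
    intended, bypassed = parse_acls(command_file)
    applied, _ = parse_acls(running_config)   # non-ACL config lines are ignored
    drift = sorted(n for n, aces in intended.items() if applied.get(n) != aces)
    return bypassed, drift

DENY = "deny tcp 0.0.0.0 255.255.255.255 10.10.10.2 0.0.0.0 eq 23 log"
PERMIT = "permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255"
# Constructed samples modelled on the figure above.
CMD_FILE = f'ip access-list extended "155"\n{DENY}\n{PERMIT}\nshow running\nexit\n'
RUNNING = (f'hostname "HP Switch"\ncdp run\nlogging 10.38.227.2\n'
           f'ip access-list extended "155"\n   {DENY}\n   {PERMIT}\n   exit\n')

if __name__ == "__main__":
    bypassed, drift = verify(CMD_FILE, RUNNING)
    for n, line in bypassed:
        print(f"line {n}: not an ACL command, switch will bypass it: {line}")
    print("ACLs differing from the file:", drift or "none")
```

A name in the second result means the ACL in running-config is not identical to the file, which can also happen when the file adds entries to an ACL that already existed, so review that ACL before relying on it.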