HP E3800-48G-PoE+-4SFP+

732 pages
10-34
IPv4 Access Control Lists (ACLs)
Planning an ACL Application
application on the same interface. For example, if you configure an RACL
named “100” to filter inbound routed traffic on VLAN 20, but later
configure another RACL named “112” to filter inbound routed traffic
on this same VLAN, RACL 112 replaces RACL 100 as the ACL to use.
Static Port ACLs: These are applied per-port, per port-list, or per
static trunk. Adding a port to a trunk applies the trunk’s ACL
configuration to the new member. If a port is configured with an ACL, the
ACL must be removed before the port is added to the trunk. Also,
removing a port from an ACL-configured trunk removes the ACL
configuration from that port.
VACLs: These filter any IPv4 traffic entering the switch through any
port belonging to the designated VLAN. VACLs do not filter traffic
leaving the switch or being routed from another VLAN.
VACLs and RACLs Operate On Static VLANs: You can assign an
ACL to any VLAN that is statically configured on the switch. ACLs do
not operate with dynamic VLANs.
A VACL or RACL Affects All Physical Ports in a Static VLAN:
A VACL or RACL assigned to a VLAN applies to all physical ports on
the switch belonging to that VLAN, including ports that have
dynamically joined the VLAN.
RACLs Screen Routed IPv4 Traffic Entering or Leaving the
Switch on a Given VLAN Interface: This means that the following
traffic is subject to ACL filtering:
- IPv4 traffic arriving on the switch through one VLAN and leaving the
  switch through another VLAN
- IPv4 traffic arriving on the switch through one subnet and leaving the
  switch through another subnet within the same, multinetted VLAN
Filtering the desired, routed traffic requires assigning an RACL to screen
traffic inbound or outbound on the appropriate VLAN(s). In the case of a
multinetted VLAN, it means that IPv4 traffic inbound from different
subnets in the same VLAN is screened by the same inbound RACL, and
IPv4 traffic outbound from different subnets is screened by the same
outbound RACL. (Refer to figure 10-1 on page 10-15.)
RACLs Do Not Filter Switched IPv4 Traffic Unless the Switch
Itself is the SA or DA: RACLs do not filter traffic moving between
ports belonging to the same VLAN or subnet (in the case of a
subnetted VLAN). (IPv4 traffic moving between ports in different
subnets of the same VLAN can be filtered.)
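
The rules above can be checked against a planned set of assignments before touching the switch. The following Python model is an added example, not code from the manual or the switch: the class, the application labels ('vacl', 'racl-in', 'racl-out'), the ACL names other than 100 and 112, and the addresses are constructed, and treating a flow with no ingress VLAN as switch-sourced and one with no egress VLAN as switch-destined is a modelling assumption.

```python
from ipaddress import ip_address, ip_network

class AclPlan:
    """Model of the VACL/RACL rules above (added example, not switch firmware)."""

    def __init__(self, static_vlans):
        # static_vlans: {vlan_id: [subnet, ...]}; several subnets = multinetted VLAN
        self.subnets = {v: [ip_network(n) for n in nets]
                        for v, nets in static_vlans.items()}
        self.assigned = {}  # (vlan, application) -> ACL name

    def assign(self, vlan, application, name):
        """application: 'vacl', 'racl-in' or 'racl-out'. Returns the ACL replaced."""
        if vlan not in self.subnets:
            raise ValueError("ACLs operate only on statically configured VLANs")
        replaced = self.assigned.get((vlan, application))
        self.assigned[(vlan, application)] = name  # newest assignment wins
        return replaced

    def _subnet(self, vlan, addr):
        return next((n for n in self.subnets[vlan] if ip_address(addr) in n), None)

    def screens(self, src, dst, in_vlan=None, out_vlan=None):
        """ACLs screening one IPv4 flow. Modelling assumption: in_vlan=None means
        the switch is the SA, out_vlan=None means the switch is the DA."""
        if in_vlan is None or out_vlan is None or in_vlan != out_vlan:
            racl_applies = True  # inter-VLAN, or the switch itself is SA or DA
        else:                    # same VLAN: routed only between different subnets
            racl_applies = self._subnet(in_vlan, src) != self._subnet(in_vlan, dst)
        wanted = []
        if in_vlan is not None:
            wanted.append((in_vlan, "vacl"))  # VACL: traffic entering on the VLAN only
            if racl_applies:
                wanted.append((in_vlan, "racl-in"))
        if out_vlan is not None and racl_applies:
            wanted.append((out_vlan, "racl-out"))
        return [(v, app, self.assigned[(v, app)])
                for v, app in wanted if (v, app) in self.assigned]

def demo_plan():
    # Constructed sample: VLAN 20 is multinetted, VLAN 30 has one subnet.
    plan = AclPlan({20: ["10.0.20.0/24", "10.0.21.0/24"], 30: ["10.0.30.0/24"]})
    plan.assign(20, "racl-in", "100")
    plan.assign(20, "racl-in", "112")  # replaces RACL 100 on VLAN 20 inbound
    plan.assign(20, "vacl", "V20")
    plan.assign(30, "racl-out", "130")
    return plan

if __name__ == "__main__":
    print(demo_plan().screens("10.0.20.5", "10.0.30.9", in_vlan=20, out_vlan=30))
```

A flow that returns an empty list is not screened by any VACL or RACL in the plan, which is the case to look for when traffic between ports in the same subnet is expected to be filtered by an RACL.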
