
HP J8697A User Manual

HP J8697A
778 pages
10-21
IPv4 Access Control Lists (ACLs)
Overview
An inbound, switched packet entering on port A10, with a destination on port
A12, will be screened by the static port ACL and the VACL, regardless of a
match with any permit or deny action. A match with a deny action (including
an implicit deny) in either ACL will cause the switch to drop the packet. (If
the packet has a match with explicit deny ACEs in multiple ACLs and the log
option is included in these ACEs, then a separate log event will occur for each
match.) The switched packet will not be screened by the RACL.
However, suppose that VLAN 2 in figure 10-4 (page 10-21) is configured with
the following:
■ A VACL permitting traffic having a destination on the 10.28.10.0
subnet
■ An RACL that denies inbound traffic having a destination on the
10.28.10.0 subnet
In this case, no IPv4 traffic received on the switch from clients on the
10.28.20.0 subnet will reach the 10.28.10.0 subnet, even though the VACL
allows such traffic. This is because the deny in the RACL causes the switch to
drop the traffic regardless of whether any other VACLs permit the traffic.
Figure 10-4. Example of Order of Application for Multiple ACLs on an Interface
Exception for Connection-Rate Filtering. Connection-rate filtering can
be configured along with one or more other ACL applications on the same
interface. In this case, a connection-rate match for a filter action is carried out
according to the configured policy, regardless of whether any other ACLs on
the interface have a match for a deny action. Also, if a connection-rate filter
permits (ignore action) a packet, it can still be denied by another ACL on the
interface.
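The ordering rules above can be checked against a small model. The following Python sketch is an added example, not code from the manual or the switch: it matches ACEs on destination only, the trailing permit-any ACEs are assumptions, and connection-rate filtering is not modeled.

```python
import ipaddress

def ace(action, dest, log=False):
    """One ACE keyed on destination only (a simplification for this example)."""
    return (action, ipaddress.ip_network(dest), log)

# Constructed ACLs mirroring the VLAN 2 scenario; the permit-any ACEs are assumptions.
VACL = [ace("permit", "10.28.10.0/24"), ace("permit", "0.0.0.0/0")]
RACL = [ace("deny", "10.28.10.0/24"), ace("permit", "0.0.0.0/0")]

def match(acl, dst):
    """First matching ACE wins; falling off the end is the implicit deny."""
    for action, net, log in acl:
        if dst in net:
            return action, log
    return "deny", False  # the implicit deny carries no log option

def screen(dst, routed, port_acl=None, vacl=None, racl=None):
    """Return (verdict, ACLs that logged a deny) for an inbound IPv4 packet."""
    dst = ipaddress.ip_address(dst)
    applied = [("port ACL", port_acl), ("VACL", vacl)]
    if routed:  # switched packets are not screened by the RACL
        applied.append(("RACL", racl))
    verdict, events = "permit", []
    for name, acl in applied:  # every applied ACL screens the packet
        if acl is None:
            continue
        action, log = match(acl, dst)
        if action == "deny":  # a deny in any one ACL drops the packet
            verdict = "drop"
            if log:  # one log event per ACL with a logged explicit deny
                events.append(name)
    return verdict, events

if __name__ == "__main__":
    # Routed from 10.28.20.0 to 10.28.10.5: the RACL deny overrides the VACL permit.
    print(screen("10.28.10.5", routed=True, vacl=VACL, racl=RACL))
    # Switched inside VLAN 2: the RACL is never consulted.
    print(screen("10.28.20.88", routed=False, vacl=VACL, racl=RACL))
```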
[Figure 10-4 labels: Switch with IPv4 Routing; VLAN 1, 10.28.10.1 (One Subnet); VLAN 2 with a VACL and an RACL, 10.28.20.1; VLAN 3 (Multiple Subnets), 10.28.40.1 and 10.28.30.1; hosts labeled A through E at 10.28.10.5, 10.28.20.99, 10.28.20.88, 10.28.30.33 and 10.28.40.22; Subnet Mask: 255.255.255.0.]
• RACL on VLAN 2 denies IPv4 traffic having a destination on the 10.28.10.0 subnet.
• VACL on VLAN 2 permits IPv4 traffic having a destination on the 10.28.10.0 subnet.
Because the RACL on VLAN 2 denies traffic entering the switch for the 10.28.10.0 subnet destination, no IPv4 traffic received inbound from clients on the 10.28.20.0 subnet will reach the 10.28.10.0 subnet, even though the VACL permits this traffic.

HP J8697A Specifications

General
Ports: 24
Form Factor: Rack-mountable
Power Supply: Internal
Management: Managed
VLAN Support: Yes
Jumbo Frame Support: Yes
Switching Capacity: 48 Gbps
Forwarding Rate: 35.7 Mpps
Model: HP J8697A
Port Type: 10/100/1000BASE-T
Layer: Layer 2
