EasyManuals Logo

HP PROCURVE 2910AL User Manual

HP PROCURVE 2910AL
594 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #317 background imageLoading...
Page #317 background image
IPv4 Access Control Lists (ACLs)
Planning an ACL Application
Thus, the bits set to 1 in a network mask define the part of an IPv4 address to
use for the network number, and the bits set to 0 in the mask define the part
of the address to use for the host number.
In an ACL, IPv4 addresses and masks provide criteria for determining whether
to deny or permit a packet, or to pass it to the next ACE in the list. If there is
a match, the configured deny or permit action occurs. If there is not a match,
the packet is compared with the next ACE in the ACL. Thus, where a standard
network mask defines how to identify the network and host numbers in an
IPv4 address, the mask used with ACEs defines which bits in a packet’s SA or
DA must match the corresponding bits in the SA or DA listed in an ACE, and
which bits can be wildcards.
Rules for Defining a Match Between a Packet and an
Access Control Entry (ACE)
For a given ACE, when the switch compares an IPv4 address and
corresponding mask in the ACE to an IPv4 address carried in a packet:
A mask-bit setting of 0 (“off”) requires that the corresponding bits
in the packet’s address and in the ACE’s address must be the same.
Thus, if a bit in the ACE’s address is set to 1 (“on”), the same bit in the
packet’s address must also be 1.
A mask-bit setting of 1 (“on”) means the corresponding bits in the
packet’s address and in the ACE’s address do not have to be the same.
Thus, if a bit in the ACE’s address is set to 1, the same bit in the packet’s
address can be either 1 or 0 (“on” or “off”).
For an example, refer to “Example of How the Mask Bit Settings Define
a Match” on page 9-31.
In any ACE, a mask of all ones means any IPv4 address is a match.
Conversely, a mask of all zeros means the only match is an IPv4
address identical to the host address specified in the ACE.
Depending on your network, a single ACE that allows a match with
more than one source or destination IPv4 address may allow a match
with multiple subnets. For example, in a network with a prefix of
31.30.240 and a subnet mask of 255.255.240.0 (the leftmost 20 bits),
applying an ACL mask of 0.0.31.255 causes the subnet mask and the
9-29

Table of Contents

Other manuals for HP PROCURVE 2910AL

Preview: Configuration Guide
Configuration Guide194 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HP PROCURVE 2910AL and is the answer not in the manual?

HP PROCURVE 2910AL Specifications

General IconGeneral
ModelHP ProCurve 2910al
Switching Capacity128 Gbps
Throughput95.2 Mpps
ManagementWeb, CLI, SNMP
Jumbo Frame SupportYes
ManageableYes
Power100-240 VAC
Power SupplyInternal
Operating Temperature0°C to 45°C (32°F to 113°F)
StackingYes
MAC Address Table Size32000 entries
Routing ProtocolRIP, OSPF
FeaturesIPv6, VLAN, QoS, ACLs
Operating Humidity15% to 95% non-condensing
Uplink Ports4
Power over EthernetYes (PoE+ models available)

Related product manuals