
HP ProCurve 5300xl Series User Manual

HP ProCurve 5300xl Series
664 pages
Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches
ACL Operation
Note: The order in which an ACE occurs in an ACL is significant. For example, if an
ACL contains six ACEs, but the first ACE is a “permit IP any”, then the ACL
permits all IP traffic, and the remaining ACEs in the list do not apply, even if
they specify criteria that would make a match with any of the traffic permitted
by the first ACE.
For example, suppose you want to configure an ACL on the switch (with an
ID of “100”) to invoke these policies:
1. Permit all inbound traffic on port 12 sent from IP address 11.11.11.42.
2. Deny only the inbound Telnet traffic sent from IP address 11.11.11.101.
3. Permit only inbound Telnet traffic sent from IP address 11.11.11.33.
4. Deny all other inbound traffic on port 12.
The following ACL model, when assigned to inbound filtering on port 12,
supports the above case:
1. Permits IP traffic inbound from source address 11.11.11.42.
Packets matching this criterion are permitted and will not be
compared to any later ACE in the list. Packets not matching this
criterion will be compared to the next entry in the list.
2. Denies Telnet traffic from source address 11.11.11.101. Packets
matching this criterion are dropped and are not compared to
later criteria in the list. Packets not matching this criterion are
compared to the next entry in the list.
3. Permits any IP traffic from source address 11.11.11.101. Any
packets matching this criterion will be permitted and will not be
compared to any later criteria in the list. Because this entry
comes after the entry blocking Telnet traffic from this same
address, there will not be any Telnet packets to compare with
this entry; they have already been dropped as a result of
matching the preceding entry.
4. Permits Telnet traffic from source address 11.11.11.33. Packets
matching this criterion are permitted and are not compared to
any later criteria in the list. Packets not matching this criterion
are compared to the next entry in the list.
5. This entry does not appear in an actual ACL, but is implicit as
the last entry in every ACL. Any inbound packets on port 12 that
do not match any of the criteria in the ACL's preceding entries
will be denied (dropped).
Figure 10-5. Example of How an ACL Filters Packets
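The first-match behavior described above can be checked with a small model. This is an added example, not code or configuration from the HP manual: it simulates the entries of ACL 100 and flags any ACE that an earlier ACE makes unreachable. It assumes a simplified ACE that matches only on source address and TCP destination port, and the names `ACE`, `Packet`, `covers`, `evaluate` and `shadowed` are hypothetical.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

TELNET = 23  # TCP destination port for Telnet

class ACE(NamedTuple):
    action: str           # "permit" or "deny"
    src: str              # source in CIDR form; "0.0.0.0/0" means any
    dport: Optional[int]  # TCP destination port; None means all IP traffic

class Packet(NamedTuple):
    src: str
    dport: Optional[int]  # None for non-TCP traffic

def covers(ace, src_net, dport):
    """True if `ace` matches every packet from src_net with this dport."""
    return (ip_network(src_net).subnet_of(ip_network(ace.src))
            and (ace.dport is None or ace.dport == dport))

def evaluate(acl, pkt):
    """First match wins. Returns (action, 1-based ACE number); None = implicit deny."""
    for num, ace in enumerate(acl, 1):
        if covers(ace, pkt.src + "/32", pkt.dport):
            return ace.action, num
    return "deny", None

def shadowed(acl):
    """Numbers of ACEs that can never match because one earlier ACE covers them."""
    return [num for num, ace in enumerate(acl, 1)
            if any(covers(prev, ace.src, ace.dport) for prev in acl[:num - 1])]

# The four configured entries described for ACL 100 (entry 5 is the implicit deny).
ACL_100 = [
    ACE("permit", "11.11.11.42/32", None),
    ACE("deny", "11.11.11.101/32", TELNET),
    ACE("permit", "11.11.11.101/32", None),
    ACE("permit", "11.11.11.33/32", TELNET),
]

if __name__ == "__main__":
    for pkt in (Packet("11.11.11.101", TELNET), Packet("11.11.11.101", 80),
                Packet("11.11.11.33", 80)):
        print(pkt, "->", evaluate(ACL_100, pkt))
    print("shadowed:", shadowed(ACL_100))
    print("shadowed with 'permit IP any' first:",
          shadowed([ACE("permit", "0.0.0.0/0", None)] + ACL_100))
```

Swapping entries 2 and 3 in this model makes the Telnet deny for 11.11.11.101 unreachable, which is the ordering mistake the Note warns about.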