EasyManua.ls Logo

HP ProCurve 6120G/XG User Manual

HP ProCurve 6120G/XG
606 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #342 background imageLoading...
Page #342 background image
IPv4 Access Control Lists (ACLs)
Planning an ACL Application
Rule Usage
There is only one implicit “deny any” entry per device for CLI ACLs,
and one implicit “deny any” entry per device for IDM ACLs.
The implicit “deny any” entry is created only the first time an ACL is
applied to a port. After that the port-map is updated for that “deny
any” entry to include or remove additional ports.
Each ACE, including the implicit deny any ACE in a standard ACL,
uses one rule.
There is a separate rule for every ACE whether the ACE uses the same
mask or a new mask.
Two hardware rules are used for any “permit” ACE with TCP or UDP
specified. One rule is for normal packets and one is for fragmented
packets.
Table 9-2 on page 9-18 summarizes switch use of resources to support ACES.
Table 9-2. ACL Rule and Mask Resource Usage
ACE Type Rule Usage
Standard ACLs
Implicit deny any (automatically included in any standard ACL, but not displayed by show access- 1
list < acl-# > command).
First ACE entered 1
Next ACE entered with same ACL mask 1
Next ACE entered with a different ACL mask 1
Closing ACL with a deny any or permit any ACE having the same ACL mask as the preceding ACE 1
Closing ACL with a deny any or permit any ACE having a different ACL mask than the preceding ACE 1
Extended ACLs
Implicit deny ip any (automatically included in any standard ACL, but not displayed by show access- 1
list < acl-# > command).
First ACE entered 1
Next ACE entered with same SA/DA ACL mask and same IP or TCP/UDP protocols specified 2
Next ACE entered with any of the following differences from preceding ACE in the list: 1
Different SA or DA ACL mask
Different protocol (IP as opposed to TCP/UDP) specified in either the SA or DA
Closing an ACL with a deny ip any any or permit ip any any ACE preceded by an IP ACE with the 1
same SA and DA ACL masks
Closing an ACL with a deny ip any any or permit ip any any ACE preceded by an IP ACE with different 1
SA and/or DA ACL masks
9-18

Table of Contents

Other manuals for HP ProCurve 6120G/XG

Preview: Configuration Guide
Configuration Guide662 pages
Preview: Installation And Getting Started Guide
Installation And Getting Started Guide62 pages
Preview: Installation Instructions
Installation Instructions4 pages
Question and Answer IconNeed help?

Do you have a question about the HP ProCurve 6120G/XG and is the answer not in the manual?

HP ProCurve 6120G/XG Specifications

General IconGeneral
BrandHP
ModelProCurve 6120G/XG
CategorySwitch
LanguageEnglish

Summary

Security Overview

Access Security Features

Overview of the switch’s access security features, authentication protocols, and methods.

Network Security Features

Configuring Username and Password Security

Configuring Local Password Security

Describes how to configure local passwords for operator and manager access levels.

Front-Panel Security

Details front-panel security features for disabling button functions and managing password recovery.

Password Recovery

Web and MAC Authentication

Configuring Web Authentication

Describes how to configure the switch for Web authentication.

Configuring MAC Authentication on the Switch

Details how to configure MAC authentication on the switch.

TACACS+ Authentication

Configuring TACACS+ on the Switch

Guides the user through the process of configuring TACACS+ on the switch.

RADIUS Authentication, Authorization, and Accounting

General RADIUS Setup Procedure

Provides steps for preparing and testing the RADIUS service.

Configuring the Switch for RADIUS Authentication

Outlines the commands for configuring RADIUS authentication on the switch.

Configuring RADIUS Server Support for Switch Services

RADIUS Server Configuration for Per-Port CoS (802.1p Priority) and Rate-Limiting

Guidelines for configuring RADIUS to dynamically apply CoS and Rate-Limiting.

Configuring and Using RADIUS-Assigned Access Control Lists

Describes how to apply RADIUS-assigned ACLs on the switch.

Configuring Secure Shell (SSH)

Steps for Configuring and Using SSH for Switch and Client Authentication

Provides steps for configuring and using SSH for two-way authentication.

Configuring the Switch for SSH Operation

Details SSH-related CLI commands and their operations.

Configuring Secure Socket Layer (SSL)

Steps for Configuring and Using SSL for Switch and Client Authentication

Provides general steps for configuring and using SSL.

Configuring the Switch for SSL Operation

IPv4 Access Control Lists (ACLs)

ACL Operation

Planning an ACL Application

Configuring Advanced Threat Protection

DHCP Snooping

Protects the network from common DHCP attacks like address spoofing.

Dynamic ARP Protection

Protects the network from ARP cache poisoning attacks.

Dynamic IP Lockdown

Prevents IP source address spoofing on a per-port and per-VLAN basis.

Traffic/Security Filters and Monitors

Source-Port Filters

Named Source-Port Filters

Configuring Traffic/Security Filters

Provides procedures to specify filter types and actions on the switch.

Configuring Port-Based and User-Based Access Control (802.1X)

802.1X User-Based Access Control

802.1X Port-Based Access Control

General 802.1X Authenticator Operation

General Setup Procedure for 802.1X Access Control

Configuring Switch Ports as 802.1X Authenticators

Details how to configure ports to operate as 802.1X authenticators.

802.1X Open VLAN Mode

Configuring and Monitoring Port Security

Port Security

Explains basic operation, intruder protection, and eavesdrop prevention.

MAC Lockdown

MAC Lockout

Reading Intrusion Alerts and Resetting Alert Flags

Related product manuals