EasyManuals Logo

HP ProCurve 6120G/XG User Manual

HP ProCurve 6120G/XG
606 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #345 background imageLoading...
Page #345 background image
IPv4 Access Control Lists (ACLs)
Planning an ACL Application
(Assume that ports 1-4 are tagged members of VLAN 22, although tagged/
untagged ports do not affect ACL operation because ACLs examine all
inbound traffic, regardless of VLAN membership.)
The system administrator wants to:
Permit inbound VLAN 1 traffic on all ports
Permit inbound VLAN 2 traffic on ports 1 - 4 from hosts 10.10.10.1-30
Deny inbound VLAN 2 traffic on ports 1 - 4 from hosts 10.10.10.31-255
Permit inbound VLAN 3 traffic on all ports.
Because all ports in the example have the same inbound traffic requirements
for ACL filtering, the system administrator needs to create only one ACL for
application to all four ports.
All inbound 10.10.10.x (VLAN 1) traffic is allowed on all ports.
For the inbound 10.10.11.x (VLAN 2) traffic, the fourth octet of the
ACL mask includes an overlap of permit and deny use on the “16” bit,
which will require two different ACEs in the ACL. That is:
To deny hosts in the range of 31-255 in the fourth octet, it is necessary
to use an ACE that specifies the leftmost four bits of the octet.
To permit hosts in the range of 1-30 in the fourth octet, it is necessary
to use and ACE that specifies the rightmost five bits of the octet.
The overlap
1
can be illustrated as shown here:
Bit Values in the Fourth Octet 128 64 32 16 8 4 2 1
Bits Needed To Deny Hosts 31 - 255
(4th Octet Mask: 0.0.0.224)
Bits Needed To Permit Hosts 1 - 30
(4th Octet Mask: 0.0.0.31)
1
For more on this topic, refer to “Rules for Defining a Match Between a Packet
and an Access Control Entry (ACE)” on page 9-28, and “Using CIDR Notation
To Enter the ACL Mask” on page 9-39.
The overlap on the “16” bit means that it is necessary for the ACL to deny
the host at 10.10.11.31 before permitting the hosts in the range of
10.10.10.1 - 30. The complete sequence is:
1. Permit all inbound traffic from 10.10.10.x.
2. Permit all inbound traffic from 10.10.12.x.
3. Deny the host at 10.10.11.31.
9-21

Table of Contents

Other manuals for HP ProCurve 6120G/XG

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HP ProCurve 6120G/XG and is the answer not in the manual?

HP ProCurve 6120G/XG Specifications

General IconGeneral
BrandHP
ModelProCurve 6120G/XG
CategorySwitch
LanguageEnglish

Related product manuals