Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches 
General ACL Operating Notes 
ACLs do not provide DNS hostname support. 
Protocol Support: ACL criteria include IP, TCP, and UDP. ACLs do not use 
these protocols: 
■  TOS (Type-of-Service) 
■  Precedence 
■  MAC information 
■  QoS 
ACLs do not affect switch serial port access. 
When the ACL configuration includes TCP or UDP options, the switch 
operates in “strict” TCP and UDP mode for increased control. The 
switch compares all TCP and UDP packets against the ACLs. (In the HP Series 
9300 Routing Switches, the Strict TCP and Strict UDP modes are optional and 
must be specifically invoked.) 
Replacing or Adding To an Active ACL Policy.  If you assign an ACL to 
an interface and subsequently want to add or replace ACEs in that ACL, you 
must first remove the ACL from all assigned interfaces. 
Note: When an ACE becomes active, it screens the packets resulting from new traffic 
connections. It does not screen packets resulting from currently open traffic 
connections. If you invoke a new ACE to screen packets in a currently open 
traffic connection, you must force the connection to close before the ACE can 
begin screening packets from that source. 
ACLs Do Not Filter Traffic Generated by the Switch.  Because ACLs on 
the 3400cl/6400cl switches filter only inbound traffic at the inbound physical 
port, outbound traffic from any source is not filtered by any ACL(s) configured 
on the switch. Filtering of such traffic must be done at a downstream device. 
< acl-list-# >: Unable to apply access control list. 