Download Print this page

Configuring And Assigning An Acl; Steps For Implementing Acls; Acl Types; Acl Configuration Structure - HP 2530 Manual Supplement

Hide thumbs Also See for 2530:

Installation and getting started manual (93 pages)

,

Quick setup manual (9 pages)

,

Quick setup manual (6 pages)

Table Of Contents

Table of Contents

Advertisement

Prefix Usage

For the IPv6 address assigned to a given

device, the prefix defines the type of

address and the network and subnet in

which the address resides. In this case,

the bits to the right of the prefix comprise

the device identifier.

Configuring and assigning an ACL

Steps for implementing ACLs

1.

Configure one or more ACLs. This creates and stores the ACLs in the switch configuration.

2.

Assign an ACL. This applies the ACL to the inbound traffic on one or more designated

interfaces.

CAUTION:

you are using ACLs to enhance network security, HP recommends disabling source routing on the

switch. To do so, execute the no ip source-route command.

ACL types

Standard ACL: Uses packet source IP address as a criterion for permitting or denying the

packet. For a standard ACL ID, use either a unique numeric string in the range 1-99 or a

unique name of up to 64 alphanumeric characters.

Extended ACL: Choices for permitting or denying a packet:

◦

Source IP address

◦

Destination IP address

◦

TCP or UDP criteria

For an extended ACL ID, use either a unique number in the range 100- 1 99 or a unique name

of up to 64 alphanumeric characters.

Plan your ACL application before configuring specific ACLs (see

(page

68).

ACL configuration structure

After entering an ACL command, inspect the resulting configuration, particularly when entering

multiple ACEs into an ACL.

Basic ACL structure:

1.

ACL identity: A name of up to 64 characters specifying the ACL name.

2.

Optional remark entries.

74

Updates for the HP Switch Software IPv6 Configuration Guide

Source routing is enabled by default on the switch and can override ACLs. Thus, if

Examples

::/0

fe80::215:60ff:fe7a:adc0/64

2620:0:a03:e102:215:60ff:fe7a:adc0/64

Notes

Zero bits. Used to allow a

match with "Any" SA or DA.

Link-Local address with a prefix

of 64 bits and a device ID of

64 bits.

Global unicast address with a

prefix of 64 bits and a device

ID of 64 bits.

"Planning an ACL application"

Table of Contents

Show Quick Links

Hide quick links:

Advertisement

Table of Contents