Introduction - HP ProCurve 2910al Access Security Manual

IPv4 Access Control Lists (ACLs)

Introduction


An Access Control List (ACL) is a list of one or more Access Control Entries
(ACEs) specifying the criteria the switch uses to either permit (forward) or
deny (drop) IP packets traversing the switch's interfaces. This chapter
describes how to configure, apply, and edit IPv4 ACLs in a network populated
with the switches covered by this guide, and how to monitor IPv4 ACL actions.

This chapter describes ACLs for IPv4 configuration and operation. In this
chapter, unless otherwise noted:

- The term "ACL" refers to IPv4 ACLs.
- Descriptions of ACL operation apply only to IPv4 ACLs.

For information on dynamic (RADIUS-assigned) ACLs, refer to "Dynamic Port
ACLs" on page 9-6.

| Feature                             | Default | CLI (page) |
|-------------------------------------|---------|------------|
| Standard ACLs                       | None    | 9-44       |
| Extended ACLs                       | None    | 9-53       |
| Enable or Disable an ACL            | n/a     | 9-73       |
| Display ACL Data                    | n/a     | 9-85       |
| Delete an ACL                       | n/a     | 9-74       |
| Configure an ACL from a TFTP Server | n/a     | 9-94       |
| Enable ACL Logging                  | n/a     | 9-98       |

IPv4 filtering with ACLs can help improve network performance and restrict
network use by creating policies for:

- Switch Management Access: Permits or denies in-band management
  access. This includes limiting and/or preventing the use of
  designated protocols that run on top of IPv4, such as TCP, UDP, IGMP,
  ICMP, and others. Also included are the use of precedence and ToS
  criteria, and control for application transactions based on source and
  destination IPv4 addresses and transport layer port numbers.
- Application Access Security: Eliminates unwanted traffic in a path
  by filtering IPv4 packets where they enter or leave the switch on
  specific interfaces.

IPv4 ACLs can filter traffic to or from a host, a group of hosts, or entire subnets.
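
A small Python model of how a list of ACEs decides whether a packet is permitted or denied, added here as an illustration; it is not code from the HP manual or the switch firmware. It assumes ACEs are checked in order, the first match decides, and a packet that matches no ACE is denied; the `Ace` class, the helper names and all addresses are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ("0.0.0.0", "255.255.255.255")   # wildcard mask: 1 bits are ignored

def host(addr):
    return (addr, "0.0.0.0")           # every bit must match

def masked_match(addr, base, wildcard):
    """True when addr equals base on every bit where the mask is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

@dataclass(frozen=True)
class Ace:                             # hypothetical model of one ACE
    action: str                        # "permit" or "deny"
    proto: str                         # "ip" matches any IPv4 protocol
    src: tuple                         # (address, wildcard mask)
    dst: tuple
    dst_port: Optional[int] = None     # None matches any port

    def matches(self, pkt):
        if self.proto != "ip" and self.proto != pkt["proto"]:
            return False
        if self.dst_port is not None and self.dst_port != pkt.get("dst_port"):
            return False
        return (masked_match(pkt["src"], *self.src)
                and masked_match(pkt["dst"], *self.dst))

def evaluate(acl, pkt):
    """Return (action, index of deciding ACE); index None = implicit deny."""
    for i, ace in enumerate(acl):
        if ace.matches(pkt):
            return ace.action, i
    return "deny", None

# Constructed policy: only one admin host may SSH to the switch management
# address; the rest of its subnet is kept off that address but may go elsewhere.
ACL = [
    Ace("permit", "tcp", host("10.10.20.5"), host("10.10.1.1"), 22),
    Ace("deny", "ip", ("10.10.20.0", "0.0.0.255"), host("10.10.1.1")),
    Ace("permit", "ip", ("10.10.20.0", "0.0.0.255"), ANY),
]

def pkt(proto, src, dst, dst_port=None):
    return {"proto": proto, "src": src, "dst": dst, "dst_port": dst_port}
```

With this policy, `evaluate(ACL, pkt("tcp", "10.10.20.5", "10.10.1.1", 80))` returns `("deny", 1)`: the admin host is allowed SSH only, and the broader deny entry catches its other traffic to the management address before the subnet-wide permit is reached.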
