Overview; Types of IPv4 ACLs; ACL Applications - HP ProCurve 2910al Access Security Manual

IPv4 Access Control Lists (ACLs)

Overview

Types of IPv4 ACLs

A permit or deny policy for IPv4 traffic you want to filter can be based on
source address alone, or on source address plus other factors.

Standard ACL: Use a standard ACL when you need to permit or deny IPv4
traffic based on source address only. Standard ACLs are also useful when you
need to quickly control a performance problem by limiting IPv4 traffic from a
subnet, group of devices, or a single device. (This can block all IPv4 traffic
from the configured source, but does not hamper IPv4 traffic from other
sources within the network.) A standard ACL uses an alphanumeric ID string
or a numeric ID of 1 through 99. You can specify a single host, a finite group
of hosts, or any host.

Extended ACL: Use an extended ACL when simple IPv4 source address
restrictions do not provide sufficient traffic selection criteria for
an interface. Extended ACLs allow use of the following criteria:
- source and destination IPv4 address combinations
- IP protocol options

Extended, named ACLs also offer an option to permit or deny IPv4 connections
using TCP for applications such as Telnet, HTTP, FTP, and others.

ACL Applications

ACL filtering is applied to IPv4 traffic as follows:
- Static port ACL: any inbound IPv4 traffic on that port.
- Dynamic port ACL: on a port having an ACL assigned by a RADIUS
  server to filter an authenticated client's traffic, filters inbound IPv4
  traffic from that client.
  (For information on RADIUS-assigned ACLs, refer to chapter 6
  "Configuring RADIUS Server Support for Switch Services".)
