HP ProCurve Series 3400cl Release Notes page 58

Enhancements
Release M.10.02 Enhancements
Terminology
ACE: See Access Control Entry, below.
Access Control Entry (ACE): An ACE is a policy consisting of a packet-handling action and criteria
to define the packets on which to apply the action. For RADIUS-based ACLs, the elements
composing the ACE include:
permit or drop (action)
in <ip-packet-type> from any (source)
to <ip-address [/mask] | any> (destination)
[port-#] (optional TCP or UDP application port numbers used when the packet type is TCP or UDP)
[cnt] (optional counter that increments when there is a packet match)
ACL: See Access Control List, below.
Access Control List (ACL): A list (or set) consisting of one or more explicitly configured Access
Control Entries (ACEs) and terminating with an implicit "deny" default which drops any packets
that do not have a match with any explicit ACE in the named ACL.
ACL Mask: Follows a destination IP address listed in an ACE. Defines which bits in a packet's
corresponding IP addressing must exactly match the IP addressing in the ACE, and which bits
need not match (wildcards).
DA: The acronym for Destination IP Address. In an IP packet, this is the destination IP address
carried in the header, and identifies the destination intended by the packet's originator.
Deny: An ACE configured with this action causes the switch to drop a packet for which there is a
match within an applicable ACL.
Deny Any Any: An abbreviated form of deny in ip from any to any, which denies any inbound IP traffic
from any source to any destination.
Extended ACL: This type of Access Control List uses layer-3 IP criteria composed of source and
destination IP addresses and (optionally) TCP or UDP port criteria to determine whether there
is a match with an IP packet. On the 3400cl switches, the source IP address is always defined as
"any", and extended ACLs apply only to inbound bridged or routed traffic. For a RADIUS-based,
extended ACL assigned to a port, only the inbound traffic from the client whose authentication
caused the ACL assignment is filtered. Inbound traffic from any other sources is denied.
Implicit Deny: If the switch finds no matches between an inbound packet and the configured criteria
in an applicable ACL, then the switch denies (drops) the packet with an implicit "deny IP any/any"
operation. You can preempt the implicit "deny IP any/any" in a given ACL by configuring
permit in ip from any to any as the last explicit ACE in the ACL. Doing so permits any inbound IP
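The following is an added worked example, not code from the release notes or from HP: a small Python model of how the RADIUS-based ACEs defined in this terminology section are evaluated (first match wins, source always "any", optional port-# only for TCP/UDP, "cnt" counters, and the implicit "deny IP any/any" that an explicit "permit in ip from any to any" preempts). The "/mask" is interpreted here as a CIDR prefix length, which is an assumption for the example; the glossary only says the mask defines which destination-address bits must match and which are wildcards, so check the switch documentation for the exact mask syntax it accepts. The ACE strings and packets below are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed example of an evaluator for ACEs of the form
#   permit|deny in <ip-packet-type> from any to <ip-address[/mask]|any> [port-#] [cnt]
# It is not switch firmware; "/mask" is treated as a CIDR prefix length
# (assumption: prefix bits must match exactly, remaining bits are wildcards).


@dataclass
class Ace:
    action: str                              # "permit" or "deny"
    proto: str                               # "ip" matches every IP packet type
    dst: Optional[ipaddress.IPv4Network]     # None means destination "any"
    port: Optional[int]                      # TCP/UDP destination port, if given
    count: bool = False                      # "cnt": keep a match counter
    hits: int = 0


def parse_ace(text: str) -> Ace:
    """Parse one ACE string; rejects anything outside the documented form."""
    tokens = text.split()
    if len(tokens) < 7:
        raise ValueError(f"malformed ACE: {text!r}")
    action, kw_in, proto, kw_from, src, kw_to, dest = tokens[:7]
    if action not in ("permit", "deny") or (kw_in, kw_from, kw_to) != ("in", "from", "to"):
        raise ValueError(f"malformed ACE: {text!r}")
    if src != "any":
        # For RADIUS-based ACLs on the 3400cl the source is always "any".
        raise ValueError(f"source must be 'any': {text!r}")
    dst = None if dest == "any" else ipaddress.ip_network(dest, strict=False)
    port: Optional[int] = None
    count = False
    for tok in tokens[7:]:
        if tok == "cnt":
            count = True
        elif tok.isdigit():
            port = int(tok)
        else:
            raise ValueError(f"unexpected token {tok!r} in {text!r}")
    if port is not None and proto not in ("tcp", "udp"):
        raise ValueError(f"port-# is only valid when the packet type is tcp or udp: {text!r}")
    return Ace(action, proto, dst, port, count)


class RadiusAcl:
    """Ordered ACEs terminated by the implicit 'deny in ip from any to any'."""

    def __init__(self, lines):
        self.aces = [parse_ace(line) for line in lines]

    def evaluate(self, proto: str, dst: str, dport: Optional[int] = None) -> str:
        """Return "permit" or "deny" for one inbound packet; the first matching ACE wins."""
        addr = ipaddress.ip_address(dst)
        for ace in self.aces:
            if ace.proto != "ip" and ace.proto != proto:
                continue
            if ace.dst is not None and addr not in ace.dst:
                continue
            if ace.port is not None and ace.port != dport:
                continue
            if ace.count:
                ace.hits += 1
            return ace.action
        return "deny"  # implicit deny: no explicit ACE matched


def demo() -> dict:
    """Evaluate a few constructed packets against two constructed ACLs."""
    acl = RadiusAcl([
        "permit in tcp from any to 10.10.10.0/24 23 cnt",  # Telnet into one subnet, counted
        "permit in udp from any to 10.10.10.5 53",         # DNS to a single host (/32)
    ])
    results = {
        "telnet_in_subnet": acl.evaluate("tcp", "10.10.10.7", 23),
        "http_in_subnet": acl.evaluate("tcp", "10.10.10.7", 80),   # no ACE matches: implicit deny
        "dns_to_host": acl.evaluate("udp", "10.10.10.5", 53),
        "icmp": acl.evaluate("icmp", "10.10.10.5"),                 # implicit deny
        "telnet_hits": acl.aces[0].hits,
    }
    # Same ACEs, but with "permit in ip from any to any" as the last explicit ACE,
    # which preempts the implicit deny for everything not matched earlier.
    open_acl = RadiusAcl([
        "permit in tcp from any to 10.10.10.0/24 23 cnt",
        "permit in udp from any to 10.10.10.5 53",
        "permit in ip from any to any",
    ])
    results["icmp_with_permit_any"] = open_acl.evaluate("icmp", "10.10.10.5")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The second ACL shows the practical risk the Implicit Deny entry warns about: once "permit in ip from any to any" is the last explicit ACE, any traffic that slipped past the earlier ACEs is forwarded rather than dropped, so a filtering ACL becomes effectively an accounting ACL.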