Acl Operating Notices - HP 2530 Manual Supplement


Example 51 Commands for applying an ACL with logging

HP Switch(config)# access-list 143 deny tcp host 10.38.100.127 any eq telnet log
HP Switch(config)# access-list 143 permit ip any any
HP Switch(config)# interface 10 access-group 143 in
HP Switch(config)# logging 10.38.110.54
HP Switch(config)# debug acl
HP Switch(config)# debug destination logging
HP Switch(config)# debug destination session
HP Switch(config)# write memory
HP Switch(config)# show debug

Debug Logging
 Destination:
  Logging
   10.38.110.54
  Session
 Enabled debug types:
  event
  acl log

ACL operating notices

ACL logging
    The ACL logging feature generates a message only when packets are explicitly denied as the result of a match, and not when explicitly permitted or implicitly denied. To help test ACL logging, configure the last entry in an ACL as an explicit deny statement with a log statement included and apply the ACL to an appropriate port or IP routing interface.
    Logging enables you to selectively test specific devices or groups. However, excessive logging can affect switch performance. For this reason, HP recommends that you remove the logging option from ACEs for which you do not have a present need and do not configure logging where it does not serve an immediate purpose. (ACL logging is not an accounting method.) See also "Apparent Failure To Log All 'Deny' or 'Permit' Matches" in the section "ACL Problems," in appendix "Troubleshooting" of the latest HP Switch Software Management and Configuration Guide for your switch.
    When configuring logging, you can reduce excessive resource use by configuring the appropriate ACEs to match with specific hosts instead of entire subnets. For more information on resource usage, see "Monitoring shared resources" (page 108).

ACLs do not affect serial port access
    ACLs do not apply to the switch's serial port.

ACLs do not provide DNS hostname support
    ACLs cannot be configured to screen hostname IP traffic between the switch and a DNS.

Connection-rate ACLs
    Connection-rate ACLs are supported for IPv4, but not for IPv6.

Minimum number of ACEs in an IPv6 ACL
    An IPv6 ACL must include at least one ACE to enable traffic screening. An IPv6 ACL can be created "empty," without any ACEs. However, if an empty ACL is applied to an
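As an added example (not from the HP manual), the following Python checker applies the ACL logging notices above to ACL entries written in the syntax of Example 51: it flags a log option on a permit ACE (which never produces a message), a logged ACE that matches whole subnets rather than specific hosts, and an ACL whose last entry is not an explicit deny with log. The ACE grammar it parses and the hypothetical ACL 144 in the sample are assumptions.

```python
import re
from collections import defaultdict

# Assumed ACE shape (not taken from the manual):
#   access-list <id> <permit|deny> <proto> <src> [eq <port>] <dst> [eq <port>] [log]
ADDR = r"(?:host \S+|any|\d+\.\d+\.\d+\.\d+(?:/\d+| \d+\.\d+\.\d+\.\d+))"
ACE_RE = re.compile(
    rf"^access-list (?P<acl>\d+) (?P<action>permit|deny) (?P<proto>\S+) "
    rf"(?P<src>{ADDR})(?: eq \S+)? (?P<dst>{ADDR})(?: eq \S+)?(?P<log> log)?$"
)

LOG_ON_PERMIT = "log on a permit ACE: the switch never generates a message for it"
LOG_ON_SUBNET = "logged ACE matches non-host addresses: prefer host-specific matches"
NO_FINAL_DENY_LOG = "last ACE is not 'deny ... log': implicit denies are never logged"

def parse_aces(config_lines):
    # Each ACE becomes a dict {acl, action, proto, src, dst, log}, in config order.
    aces = []
    for line in config_lines:
        m = ACE_RE.match(line.strip())
        if m:
            aces.append({**m.groupdict(), "log": m["log"] is not None})
    return aces

def audit(aces):
    # Return (acl_id, finding) tuples, one per notice an ACE or ACL violates.
    by_acl = defaultdict(list)
    for ace in aces:
        by_acl[ace["acl"]].append(ace)
    findings = []
    for acl, entries in by_acl.items():
        for ace in entries:
            if ace["log"] and ace["action"] == "permit":
                findings.append((acl, LOG_ON_PERMIT))
            host_specific = ace["src"].startswith("host") or ace["dst"].startswith("host")
            if ace["log"] and not host_specific:
                findings.append((acl, LOG_ON_SUBNET))
        last = entries[-1]
        if not (last["action"] == "deny" and last["log"]):
            findings.append((acl, NO_FINAL_DENY_LOG))
    return findings

# Constructed sample: ACL 143 from Example 51 plus a hypothetical ACL 144.
SAMPLE_CONFIG = [
    "access-list 143 deny tcp host 10.38.100.127 any eq telnet log",
    "access-list 143 permit ip any any",
    "access-list 144 permit tcp any any eq 22 log",
    "access-list 144 deny ip any any log",
]
```

Running `audit(parse_aces(SAMPLE_CONFIG))` reports that ACL 143 ends in a permit without log, and that ACL 144 logs on a permit and on ACEs that match any host.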
ACL operating notices 107
