ACL Applications; RADIUS-Assigned ACLs; General Application Options; IPv6 ACLs - HP 2530 Manual Supplement

Feature
Configure an ACL from a TFTP Server
Enable ACL Logging

ACL applications

ACLs can filter traffic from a host, a group of hosts, or from entire subnets. When applying ACLs
to filter traffic from outside a network or subnet, applying ACLs at the edge of the network or subnet
removes unwanted traffic and improves system performance. ACLs filter only inbound traffic and
can rapidly consume switch resources, so apply ACLs on "edge" ports where ACLs are less complex
and less resource-intensive.

RADIUS-assigned ACLs

A RADIUS-assigned ACL for filtering traffic from a specific client or group of clients is configured
on a RADIUS server. When the server authenticates a client associated with that ACL, the ACL is
assigned to filter the inbound IP traffic received from the authenticated client through the port on
which the client is connected to the switch. If the RADIUS server supports both IPv4 and IPv6 ACEs,
then the ACL assigned by the server can be configured to filter both traffic types, or just the IPv4
traffic. When the client session ends, the ACL is removed from the port. The switch allows as many
RADIUS-assigned ACLs on a port as it allows authenticated clients. For information on
RADIUS-assigned ACLs, refer to the chapter titled, "Configuring RADIUS Server Support for Switch
Services" in the latest HP Switch Software Access Security Guide for your switch.

NOTE:
This chapter describes the IPv6 ACL applications you can statically configure on the
switch. For information on static IPv4 ACL applications, see the "IPv4 Access Control Lists (ACLs)"
chapter in the latest HP Switch Software Access Security Guide for your switch.

General application options

Layer 3 IP filtering with ACLs lets you improve network performance and restrict network use by
creating policies for:

• Switch Management Access: Permits or denies in-band management access that includes
preventing the use of certain TCP or UDP applications (such as Telnet, SSH, web browser,
and SNMP) for transactions between specific source and destination IP addresses.
• Application Access Security: Eliminates inbound, unwanted IP, TCP, or UDP traffic by filtering
packets where they enter the switch on specific physical ports or trunks.

ACLs can enhance network security by blocking selected IP traffic, and can help maintain network
security. However, because ACLs do not provide user or device authentication or protection from
malicious manipulation of data carried in IP packet transmissions, they are not a complete security
solution.

ACLs do not screen non-IP traffic such as AppleTalk and IPX.

For ACL filtering to take effect, configure an ACL and then assign it to the inbound traffic on a
statically configured port or trunk.

IPv6 ACLs

Standard ACL: Use a standard ACL to permit or deny traffic based on source IP address or limit
traffic from a subnet, group of devices, or a single device. This can block all inbound IP traffic from
the configured source, but does not block traffic from other sources within the network. This ACL
type uses a numeric ID (1 through 99) or an alphanumeric IP string. You can specify a single host
or a group of hosts.
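
A small Python model of the standard-ACL behaviour described above, added here as an illustration and not taken from the HP manual or the switch software. First-match ordering and the final implicit deny are assumptions not stated on this page; the `Ace` class, `filter_frame` function and all addresses are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    action: str  # "permit" or "deny"
    source: str  # single host or prefix (constructed values below)

    def matches(self, src: str) -> bool:
        net = ipaddress.ip_network(self.source, strict=False)
        addr = ipaddress.ip_address(src)
        return addr.version == net.version and addr in net

def filter_frame(acl, frame):
    """Verdict for one frame on a port that has `acl` assigned inbound."""
    if frame["direction"] != "in":
        return "not screened"  # page: ACLs filter only inbound traffic
    if frame["ethertype"] not in ("ipv4", "ipv6"):
        return "not screened"  # page: non-IP traffic (AppleTalk, IPX) is not screened
    for ace in acl:            # assumption: ACEs are checked in order, first match wins
        if ace.matches(frame["src"]):
            return ace.action
    return "deny"              # assumption: implicit deny when no ACE matches

# Constructed sample ACL: block one host, allow the rest of its subnet.
SAMPLE_ACL = [
    Ace("deny", "2001:db8:10::25"),
    Ace("permit", "2001:db8:10::/64"),
]

# Constructed sample frames arriving at (or leaving) the port.
SAMPLE_FRAMES = [
    {"direction": "in", "ethertype": "ipv6", "src": "2001:db8:10::25"},
    {"direction": "in", "ethertype": "ipv6", "src": "2001:db8:10::30"},
    {"direction": "in", "ethertype": "ipv6", "src": "2001:db8:99::1"},
    {"direction": "in", "ethertype": "ipx", "src": None},
    {"direction": "out", "ethertype": "ipv6", "src": "2001:db8:10::25"},
]

def verdicts(acl=SAMPLE_ACL, frames=SAMPLE_FRAMES):
    return [filter_frame(acl, f) for f in frames]

if __name__ == "__main__":
    for frame, verdict in zip(SAMPLE_FRAMES, verdicts()):
        print(frame["direction"], frame["ethertype"], frame["src"], "->", verdict)
```

The match is made purely on the source address field of the packet, which is why the manual notes that ACLs do not provide user or device authentication.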
Updates for the HP Switch Software IPv6 Configuration Guide
