HP ProCurve 6400cl Series Management And Configuration Manual page 429
Hide thumbs
Also See for ProCurve 6400cl Series:
- Access security manual (404 pages) ,
- Installation and getting started manual (84 pages) ,
- Management manual (664 pages)
Table of Contents
Advertisement
Note
Figure C-1. Indication that Routing Is Enabled
If an ACL assigned to a VLAN includes an ACE referencing an IP address on
the switch itself as a packet source or destination, the ACE screens traffic to
or from this switch address regardless of whether IP routing is enabled. This
is a security measure designed to help protect the switch from unauthorized
management access.
If you need to configure IP routing, execute the ip routing command.
2. ACL filtering on the 5300xl switches applies only to routed packets and
packets having a destination IP address (DA) on the switch itself. Also,
the switch applies assigned ACLs only at the point where traffic enters or
leaves the switch on a VLAN. Ensure that you have correctly applied your
ACLs ("in" and/or "out") to the appropriate VLAN(s).
The switch does not allow management access from a device on the
same VLAN.
The implicit deny any function that the switch automatically applies as the last
entry in any ACL always blocks packets having the same DA as the switch's
IP address on the same VLAN. That is, bridged packets with the switch itself
as the destination are blocked as a security measure. To preempt this action,
edit the ACL to include an ACE that permits access to the switch's DA on that
VLAN from the management device.
Troubleshooting
Unusual Network Activity
Indicates that routing is enabled; a require
ment for ACL operation. (There is an
exception. See the Note, below.)
C-9
Advertisement
Chapters
Table of Contents
Troubleshooting
