Ipv4 Static Acl Operation; Introduction; The Packet-Filtering Process - HP ProCurve 2910al Access Security Manual

IPv4 Access Control Lists (ACLs)

IPv4 Static ACL Operation

Note
9-20

IPv4 Static ACL Operation

Introduction

An ACL is a list of one or more Access Control Entries (ACEs), where each
ACE consists of a matching criteria and an action (permit or deny). A static
ACL applies only to the switch in which it is configured. ACLs operate on
assigned interfaces, and offer these traffic filtering options:
IPv4 traffic inbound on a port.
■
The following table lists the range of interface options:
Interface ACL Application
Port Static Port ACL
(switch configured)
Dynamic Port ACL
(RADIUS assigned) used by authenticated
1
This chapter describes ACLs statically configured on the switch. For information on dynamic
port ACLs assigned by a RADIUS server, refer to chapter 6, "Configuring RADIUS Server
Support for Switch Services".
After you assign an IPv4 ACL to an interface, the default action on the interface
is to implicitly deny IPv4 traffic that is not specifically permitted by the ACL.
(This applies only in the direction of traffic flow filtered by the ACL.)

The Packet-filtering Process

Sequential Comparison and Action. When an ACL filters a packet, it
sequentially compares each ACE's filtering criteria to the corresponding data
in the packet until it finds a match. The action indicated by the matching ACE
(deny or permit) is then performed on the packet.
Implicit Deny. If a packet does not have a match with the criteria in any of
the ACEs in the ACL, the ACL denies (drops) the packet. If you need to
override the implicit deny so that a packet that does not have a match will be
permitted, then you can use the "permit any" option as the last ACE in the
Application Point
inbound on the switch port
1
inbound on the switch port inbound IPv4 traffic from the
client
Filter Action
inbound IPv4 traffic
authenticated client