Planning An Acl Application; Ipv4 Traffic Management And Improved Network Performance - HP ProCurve 2910al Access Security Manual
Hide thumbs
Also See for ProCurve 2910al:
- Configuration manual (194 pages) ,
- Manual (126 pages) ,
- Installation and getting started manual (114 pages)
Table of Contents
Advertisement
IPv4 Access Control Lists (ACLs)
Planning an ACL Application
Note
9-24
Planning an ACL Application
Before creating and implementing ACLs, you need to define the policies you
want your ACLs to enforce, and understand how the ACL assignments will
impact your network users.
All IPv4 traffic entering the switch on a given interface is filtered by all ACLs
configured for inbound traffic on that interface. For this reason, an inbound
IPv4 packet will be denied (dropped) if it has a match with either an implicit
or explicit deny in any of the inbound ACLs applied to the interface.
(Refer to "Multiple ACLs on an Interface" on page 9-16.)
IPv4 Traffic Management and Improved Network
Performance
You can use ACLs to block traffic from individual hosts, workgroups, or
subnets, and to block access to VLANs, subnets, devices, and services. Traffic
criteria for ACLs include:
■
Switched and/or routed traffic
■
Any traffic of a specific IPv4 protocol type (0-255)
■
Any TCP traffic (only) for a specific TCP port or range of ports,
including optional control of connection traffic based on whether the
initial request should be allowed
Any UDP traffic or UDP traffic for a specific UDP port
■
Any ICMP traffic or ICMP traffic of a specific type and code
■
■
Any IGMP traffic or IGMP traffic of a specific type
■
Any of the above with specific precedence and/or ToS settings
Answering the following questions can help you to design and properly
position IPv4 ACLs for optimum network usage.
Hide quick links:
Advertisement
Table of Contents
