Table of Contents
Advertisement
In the above case:
Matches with ACEs 10 or 20 that originate on VLAN 20 will increment
■
only the counters for the instances of these two ACEs in the Test-1
VACL assignment on VLAN 20. The same counters in the instances of
ACL Test-1 assigned to VLANs 50 and 70 will not be incremented.
■
Any Telnet requests to 10.10.20.12 that originate on VLANs 50 or 70
will be filtered by instances of Test-1 assigned as RACLs, and will
increment the counters for ACE 10 on both RACL instances of the
Test-1 ACL.
Using the network in figure 10-55, a device at 10.10.20.4 on VLAN 20 attempting
to ping and Telnet to 10.10.20.12 is filtered through the VACL instance of the
"Test-1" ACL on VLAN 20 and results in the following:
HP Switch(config)# ping 10.10.20.2
10.10.20.2 is alive, time = 5 ms
HP Switch(config)# telnet 10.10.20.2
Telnet failed: Connection timed out.
HP Switch(config)#
Figure 10-56. Ping and Telnet from 10.10.20.4 to 10.10.20.2 Filtered by the
Assignment of "Test-1" as a VACL on VLAN 20
IPv4 Access Control Lists (ACLs)
Enable ACL "Deny" Logging
10-125
Hide quick links:
Advertisement
Table of Contents
