HP ProCurve 5300xl Series Management Manual page 353

The packet's DA is for an IP address configured on the switch
itself. (This increases your options for protecting the switch from
unauthorized management access.)

Because ACLs are assigned to VLANs, an ACL that filters inbound traffic
on a particular VLAN examines packets meeting the above criteria that
have entered the switch through any port on that VLAN.

Outbound Traffic: For defining the points where the switch applies ACLs to
filter traffic, outbound traffic is routed traffic leaving the switch through
a physical port; that is, traffic received on a port in one VLAN (subnet)
and sent through a port on another VLAN to another device. This requires
that you enable IP routing on the switch. The switch does not apply ACLs
internally where routed traffic moves between VLANs. Note that for ACL
purposes, "outbound traffic" does not include traffic received on one port
and switched to the outbound queue of another port on the same VLAN
(subnet); that is, traffic arriving on and leaving the switch on the same
VLAN. (Refer also to "ACL Inbound and Outbound Application Points" on
page 9-8.)

Permit: An ACE configured with this action allows the switch to forward a
routed packet for which there is a match within an applicable ACL.

SA: The acronym for Source IP Address. In an IP packet, this is the source IP
address carried in the IP header, and identifies the packet's sender. In an
extended ACE, this is the first of two IP addresses used by the ACE to
determine whether there is a match between a packet and the ACE. See
also "DA".

Standard ACL: This type of Access Control List uses layer-3 IP criteria of
source IP address to determine whether there is a match with an IP packet.
You can apply standard ACLs to either inbound or outbound routed traffic
and to any inbound switched or routed traffic with a DA belonging to the
switch itself. Standard ACLs require an identification number (ID) in the
range of 100 - 199 or an alphanumeric name.

Wildcard: The part of a mask that indicates the bits in a packet's IP addressing
that do not need to match the corresponding bits specified in an ACL. See
also ACL Mask on page 9-6.
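
The Wildcard, Standard ACL and Outbound Traffic definitions above can be modeled in a few lines. This is an added example, not code from the manual or the switch: the function names, the sample addresses and the first-match evaluation order are assumptions made for illustration, and what the switch does with a packet that matches no ACE is not covered on this page.

```python
import ipaddress

def ip(text):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(text))

def ace_matches(packet_sa, ace_sa, wildcard):
    """Wildcard bits set to 1 need not match; every other bit must match."""
    must_match = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(packet_sa) ^ ip(ace_sa)) & must_match == 0

def evaluate(acl, packet_sa):
    """Action of the first ACE whose SA/wildcard matches (first-match order
    is an assumption here), or None when no ACE in the list matches."""
    for action, ace_sa, wildcard in acl:
        if ace_matches(packet_sa, ace_sa, wildcard):
            return action
    return None

def application_points(in_vlan, out_vlan, da_is_switch, ip_routing=True):
    """ACL application points that examine a packet, per the definitions above.

    out_vlan is None when the packet is addressed to the switch itself.
    Traffic switched within one VLAN is not "outbound" for ACL purposes, and
    an inbound ACL sees it only when the DA belongs to the switch.
    """
    routed = ip_routing and out_vlan is not None and out_vlan != in_vlan
    points = []
    if routed or da_is_switch:
        points.append(("inbound", in_vlan))
    if routed:
        points.append(("outbound", out_vlan))
    return points

# Constructed sample ACL: block one host, permit the rest of its /24.
SAMPLE_ACL = [
    ("deny",   "10.28.18.100", "0.0.0.0"),    # all 32 bits must match
    ("permit", "10.28.18.0",   "0.0.0.255"),  # last octet is "don't care"
]

if __name__ == "__main__":
    for sa in ("10.28.18.100", "10.28.18.5", "192.168.1.1"):
        print(sa, "->", evaluate(SAMPLE_ACL, sa))
    print("routed VLAN 10 -> 20:", application_points(10, 20, False))
    print("switched inside VLAN 10:", application_points(10, 10, False))
    print("management traffic to switch:", application_points(10, None, True))
```

The last call shows why an inbound ACL on the management VLAN can restrict access to the switch itself even when no routing takes place.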
Access Control Lists (ACLs) for the Series 5300xl Switches
Terminology
9-7
