HP ProCurve 5300xl Series Management Manual page 414

Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches
Introduction
Notes
10-4
Switch Management Access: Permits or denies in-band manage­
■
ment access. This includes preventing the use of certain TCP or UDP
applications (such as Telnet, SSH, web browser, and SNMP) for
transactions between specific source and destination IP addresses.
Application Access Security: Eliminates inbound, unwanted IP,
■
TCP, or UDP traffic by filtering packets where they enter the switch
on specific physical ports or trunks.
This chapter describes how to configure, apply, and edit ACLs in HP ProCurve
Series 3400cl and Series 6400cl switches and how to monitor the results of
ACL actions.
Unlike the HP ProCurve Series 5300xl switches, it is not necessary to enable
routing on 3400cl/6400cl switches to support ACL operation.
ACLs can enhance network security by blocking selected IP traffic, and can
serve as one aspect of maintaining network security. However, because ACLs
do not provide user or device authentication, or protection from malicious
manipulation of data carried in IP packet transmissions, they should not
be relied upon for a complete security solution.
ACLs in the 3400cl/6400cl switches do not screen non-IP traffic such as
AppleTalk and IPX.
For ACL filtering to take effect, configure an ACL and then assign it to the
inbound traffic on a statically configured port or trunk.