Overview; Types Of Ip Acls; Acl Inbound Application Points - HP ProCurve 5300xl Series Management Manual

Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches
Standard ACL: This type of Access Control List uses the layer-3 criterion
of source IP address to determine whether there is a match with an inbound
IP packet. You can apply a standard ACL to inbound traffic on a port or
trunk, including any inbound traffic with a destination address (DA)
belonging to the switch itself. Standard ACLs require an identification
number (ID) in the range of 1 - 99 or an alphanumeric name.
Wildcard: The part of a mask that indicates the bits in a packet's IP addressing
that do not need to match the corresponding bits specified in an ACL. See
also ACL Mask on page 10-7.

Overview

Types of IP ACLs

Standard ACL: Use a standard ACL when you need to permit or deny traffic
based on source IP address. Standard ACLs are also useful when you need to
quickly control a performance problem by limiting traffic from a subnet, group
of devices, or a single device. (This can block all inbound IP traffic from the
configured source, but does not block traffic from other sources within the
network.) This ACL type uses a numeric ID of 1 through 99 or an alphanumeric
ID string. You can specify a single host, a finite group of hosts, or any host.
Extended ACL: Use extended ACLs whenever simple IP source address
restrictions do not provide the breadth of traffic selection criteria you want
for a port or trunk. Extended ACLs allow use of the following criteria:
Source and destination IP addresses
TCP application criteria
UDP application criteria
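
The sketch below is an added example, not code from the manual or from the switch software. It shows how a standard ACL entry compares a packet's source IP address with an ACL address under a wildcard, for the single-host, group-of-hosts and any-host cases named above. The sample addresses are constructed, and the first-match ordering and the deny result when no entry matches are assumptions of this sketch.

```python
import ipaddress

def to_int(addr):
    """Dotted-quad IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def entry_matches(src, acl_addr, wildcard):
    """Compare only the bits the wildcard does NOT cover.

    A 1 bit in the wildcard means "this bit need not match", so the
    wildcard is inverted to get the bits that must be equal.
    """
    must_match = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(src) & must_match) == (to_int(acl_addr) & must_match)

# Constructed sample ACL, not taken from the manual:
# (action, source address, wildcard mask)
SAMPLE_ACL = [
    ("deny",   "10.10.20.45", "0.0.0.0"),    # single host: every bit must match
    ("permit", "10.10.20.0",  "0.0.0.255"),  # group of hosts: last octet ignored
]
ANY_HOST = ("0.0.0.0", "255.255.255.255")    # any host: no bit has to match

def evaluate(acl, src):
    """Return (action, entry_number) for an inbound packet's source IP.

    Assumptions of this sketch: the first matching entry wins, and a
    packet that matches no entry is denied.
    """
    for number, (action, addr, wildcard) in enumerate(acl, start=1):
        if entry_matches(src, addr, wildcard):
            return action, number
    return "deny", None

if __name__ == "__main__":
    for src in ("10.10.20.45", "10.10.20.200", "10.10.30.5"):
        print(src, evaluate(SAMPLE_ACL, src))
    # Ordering pitfall: with the broad permit first, the host deny is never reached.
    print(evaluate(list(reversed(SAMPLE_ACL)), "10.10.20.45"))
```

Under the first-match assumption, a narrow deny has to sit above the broader permit that also covers the same host, otherwise the deny entry is shadowed.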

ACL Inbound Application Points

You can apply ACL filtering to IP traffic inbound on a physical port or static
trunk with a destination address (DA):
On another device. (ACLs are not supported on dynamic LACP
trunks.)
On the switch itself. In figure 10-2, below, this would be any of the IP
addresses shown in VLANs "A", "B", and "C" on the switch. (IP routing
need not be enabled.)