Example Of Acl Resource Usage; Viewing The Current Per-Port Rule And Mask Usage - HP ProCurve 5300xl Series Management Manual

Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches
Planning an ACL Application on a Series 3400cl or Series 6400cl Switch

Example of ACL Resource Usage

This example shows how to check the current per-port rule and mask
availability, how to create and assign an ACL, and how to verify the ACL's
effect on per-port rule and mask resources. (For more detailed information
on configuring and applying ACLs, refer to the later sections of this chapter.)

Viewing the Current Per-Port Rule and Mask Usage

The show access-list resources command displays the currently available
per-port rules and masks.

Figure 10-7. Example of Available Per-Port Rules and ACL Masks

Standard ACL Using a Subset of the Switch's Ports. Suppose that
ports 1 - 4 on a 3400cl or 6400cl switch belong to the following VLANs:

VLAN 1: 10.10.10.1
VLAN 2: 10.10.11.1
VLAN 3: 10.10.12.1

(Assume that ports 1-4 are tagged members of VLAN 22, although tagged/
untagged ports do not affect ACL operation because ACLs examine all
inbound traffic, regardless of VLAN membership.)

The system administrator wants to:

Permit inbound VLAN 1 traffic on all ports
Permit inbound VLAN 2 traffic on ports 1 - 4 from hosts 10.10.10.1-30
Deny inbound VLAN 2 traffic on ports 1 - 4 from hosts 10.10.10.31-255

In the default configuration, there are 120 rules and 8 per-port ACL masks
available on each port. These masks are reserved for ACLs and IGMP use.
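
A planning sketch for the two host ranges above, added here as an example and not taken from the manual: it splits each range into address/wildcard-mask entries and compares the totals with the default per-port budget of 120 rules and 8 masks. The accounting model (one rule per entry, one mask per distinct wildcard mask), the function names and the exact-range split are assumptions; the figures reported by show access-list resources on the switch are authoritative.

```python
import ipaddress

# Default per-port budget stated on this page.
DEFAULT_RULES = 120
DEFAULT_MASKS = 8


def range_to_aces(action, first, last):
    """Split an inclusive host range into (action, address, wildcard) entries."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(action, str(b.network_address), str(b.hostmask)) for b in blocks]


def estimate_usage(aces):
    """Estimate per-port use under the ASSUMED model: one rule per explicit
    entry and one mask per distinct wildcard mask. Anything the switch adds
    on its own (for example an implicit deny) is not counted here."""
    masks = {wildcard for _, _, wildcard in aces}
    return {
        "rules": len(aces),
        "masks": len(masks),
        "rules_left": DEFAULT_RULES - len(aces),
        "masks_left": DEFAULT_MASKS - len(masks),
    }


def plan():
    """Entries for the page's two host ranges, in first-match order."""
    aces = range_to_aces("permit", "10.10.10.1", "10.10.10.30")
    aces += range_to_aces("deny", "10.10.10.31", "10.10.10.255")
    return aces, estimate_usage(aces)


if __name__ == "__main__":
    aces, usage = plan()
    for action, addr, wildcard in aces:
        print(f"{action:6} {addr:14} {wildcard}")
    print(usage)
```

Matching both ranges exactly takes far more distinct wildcard masks than rules relative to their budgets, so under this model the mask count is the figure to watch when comparing the before and after output of show access-list resources.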