Vacl Applications; Static Port Acl And Radius-Assigned Acl Applications - HP 3500yl Series Access Security Manual


IPv4 Access Control Lists (ACLs)
Overview

VACL Applications

VACLs filter any IPv4 traffic entering the switch on a VLAN configured with
the "VLAN" ACL option.

    vlan <vid> ip access-group <identifier> vlan

For example, in figure 10-2, you would assign a VACL to VLAN 2 to filter all
inbound switched or routed IPv4 traffic received from clients on the 10.28.20.0
network. In this instance, routed traffic received on VLAN 2 from VLANs 1 or
3 would not be filtered by the VACL on VLAN 2.
The subnet mask for this example is 255.255.255.0. Configuring a VACL on VLAN
2 filters the inbound IPv4 traffic from clients B and C for all switched and
routed destinations on all VLANs on the switch. Traffic routed from VLANs 1
and 3 to VLAN 2 is not filtered by the VACL on VLAN 2 because the configured
VACL applies only to IPv4 traffic entering the switch on VLAN 2 (and not to
traffic routed from other VLANs configured on the switch).
Figure 10-2. Example of VACL Filter Application to IPv4 Traffic Entering the Switch
The switch allows one VACL assignment configured per VLAN. This is in
addition to any other ACL applications assigned to the VLAN or to ports in the
VLAN.
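
The ingress-only behavior described above can be modeled in a few lines. This is an added example, not code from the HP manual: the ACL entries are constructed, the /24 subnets follow the mask stated on the page, and the assignment of 10.28.30.0 and 10.28.40.0 to VLAN 3 is an assumption read from the figure labels.

```python
import ipaddress

# Assumed layout: /24 subnets; VLAN 3 subnets inferred from the figure labels.
VLAN_SUBNETS = {
    1: ["10.28.10.0/24"],
    2: ["10.28.20.0/24"],
    3: ["10.28.30.0/24", "10.28.40.0/24"],
}

# Constructed VACL for VLAN 2: (action, source, destination), first match wins.
VACLS = {2: [
    ("deny", "10.28.20.0/24", "10.28.10.0/24"),
    ("permit", "10.28.20.0/24", "0.0.0.0/0"),
]}

def ingress_vlan(src):
    """Return the VLAN on which a packet sent by src enters the switch."""
    addr = ipaddress.ip_address(src)
    for vid, nets in VLAN_SUBNETS.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return vid
    raise ValueError(f"{src} is not in any configured VLAN")

def vacl_verdict(src, dst):
    """Apply the ingress VLAN's VACL, if one is assigned, to a single packet."""
    acl = VACLS.get(ingress_vlan(src))
    if acl is None:
        return "unfiltered"  # no VACL on the ingress VLAN, so nothing is checked
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "deny"  # implicit deny that ends every ACL

def vlans_without_vacl():
    """Ingress VLANs whose traffic reaches other VLANs with no VACL check."""
    return sorted(v for v in VLAN_SUBNETS if v not in VACLS)

if __name__ == "__main__":
    samples = [("10.28.20.88", "10.28.10.5"),   # VLAN 2 client, routed to VLAN 1
               ("10.28.20.88", "10.28.20.1"),   # VLAN 2 client, stays in VLAN 2
               ("10.28.10.5", "10.28.20.88"),   # VLAN 1 host, routed into VLAN 2
               ("10.28.40.22", "10.28.20.88")]  # VLAN 3 host, routed into VLAN 2
    for src, dst in samples:
        print(f"{src} -> {dst}: {vacl_verdict(src, dst)}")
    print("VLANs with no VACL:", vlans_without_vacl())
```

The last two samples come back "unfiltered": protecting hosts on VLAN 2 from VLANs 1 and 3 requires ACLs applied where that traffic enters the switch, not the VACL on VLAN 2.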

Static Port ACL and RADIUS-Assigned ACL Applications

An IPv4 static port ACL filters any IPv4 traffic inbound on the designated port,
regardless of whether the traffic is switched or routed.
[Figure 10-2 diagram labels: Switch with IPv4 Routing Enabled; VLAN 1 (One Subnet); VLAN 2 with VACL (One Subnet); VLAN 3 (Multiple Subnets); hosts A, B, C, D, E; addresses 10.28.10.1, 10.28.10.5, 10.28.20.1, 10.28.20.88, 10.28.30.1, 10.28.40.1, 10.28.40.22.]
