General Steps For Planning And Configuring Acls - HP 3500yl Series Access Security Manual
Switch software
Hide thumbs
Also See for 3500yl Series:
- Release notes (219 pages) ,
- Specifications (16 pages) ,
- Features (6 pages)
Table of Contents
Advertisement
General Steps for Planning and Configuring ACLs
1.
Identify the ACL action to apply. As part of this step, determine the best
points at which to apply specific ACL controls. For example, you can
improve network performance by filtering unwanted IPv4 traffic at the
edge of the network instead of in the core. Also, on the switch itself, you
can improve performance by filtering unwanted IPv4 traffic where it is
inbound to the switch instead of outbound.
Traffic Source
IPv4 or IPv6 traffic from a specific,
authenticated client
IPv4 traffic entering the switch on a
specific port
switched or routed IPv4 traffic entering the
switch on a specific VLAN
routed IPv4 traffic entering or leaving the
switch on a specific VLAN
*For more on this option, refer to chapter 7, "Configuring RADIUS Server Support for
Switch Services", and also to the documentation for your RADIUS server.)
2.
Identify the traffic types to filter. (IPv4 only, unless the ACL is a RADIUS-
assigned ACL, which supports IPv4 and IPv6 filtering.
•
The SA and/or the DA of traffic you want to permit or deny. This can
be a single host, a group of hosts, a subnet, or all hosts.
•
Traffic of a specific IPv4 protocol type (0-255)
•
Any TCP traffic (only) for a specific TCP port or range of ports,
including optional control of connection traffic based on whether the
initial request should be allowed
•
All UDP traffic or UDP traffic for a specific UDP port
•
All ICMP traffic or ICMP traffic of a specific type and code
•
All IGMP traffic or IGMP traffic of a specific type
•
Any of the above with specific precedence and/or ToS settings
3.
Design the ACLs for the control points (interfaces) you have selected.
Where you are using explicit "deny" ACEs, you can optionally use the
VACL logging feature for notification that the switch is denying unwanted
packets.
4.
Configure the ACLs on the selected switches.
IPv4 Access Control Lists (ACLs)
ACL Application
RADIUS-assigned ACL for inbound IP
traffic from an authenticated client on a
port*
static port ACL (static-port assigned) for
any inbound IPv4 traffic on a port from any
source
VACL (VLAN ACL)
RACL (routed ACL)
Overview
10-23
Hide quick links:
Advertisement
Chapters
Table of Contents
