HP 7102dl - ProCurve Secure Router Configuration Manual page 275

ProCurve Secure Router 7000dl Series - Advanced Management and Configuration Guide

Applying Access Control to Router Interfaces
Using ACPs to Control Access to Router Interfaces

Table 5-10. Actions Based on ACP Configuration

| ACL | ACP | Action |
|---|---|---|
| deny | does not matter | Secure Router OS firewall: does not take the specified action on the packet; stops processing this ACL; tries to match the packet to the next entry in the ACP (if there is one) |
| permit | allow | Secure Router OS firewall allows the packet |
| permit | discard | Secure Router OS firewall discards the packet |
| permit | nat | Secure Router OS firewall NATs the packet |

ACL Deny Entries. When a packet matches a deny entry in an ACL, it does not matter what action the corresponding ACP entry specifies. The Secure Router OS firewall does not perform that action, whatever it is. When a packet matches an ACL's deny entry, the Secure Router OS firewall immediately stops processing the ACL and the corresponding ACP entry. It advances to the next entry in the ACP and searches the associated ACL for another match for that packet. (This process is different from that implemented with the Cisco access-group command, which automatically discards traffic denied by the ACL.)

If the packet matches only deny entries, it will eventually be discarded due to the implicit "discard all" at the end of the ACP.

ACL Permit Entries. Permit entries in an ACL select packets for the action specified in the ACP entry. If a packet matches a permit entry in the ACL, the Secure Router OS firewall performs the action specified in the ACP entry. It will either allow, discard, or NAT the packet. After performing this action, the Secure Router OS firewall will not continue searching the ACP to identify other possible matches for that packet.

ACP Flow Chart. Figure 5-11 outlines the process that the Secure Router OS firewall follows when the router receives a packet on an interface. The firewall first determines if an ACP has been assigned to the interface. If there is an ACP, the Secure Router OS firewall begins the process of trying to match the packet to an entry in the first ACL listed in the ACP.
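The evaluation order in Table 5-10, modeled in Python as an added example (not code from the manual or from Secure Router OS). It shows why a deny entry written with Cisco access-group habits does not block a host when a later ACP entry permits it. The addresses, policy layout and function names are constructed for illustration, and treating a packet that matches nothing in an ACL like a deny match is an assumption.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class AclEntry:
    verdict: str   # "permit" or "deny"
    source: str    # source network, CIDR notation

@dataclass
class AcpEntry:
    action: str    # "allow", "discard" or "nat"
    acl: list      # ordered list of AclEntry

def match_acl(acl, src):
    """Verdict of the first ACL entry whose network contains src, else None."""
    addr = ipaddress.ip_address(src)
    for entry in acl:
        if addr in ipaddress.ip_network(entry.source):
            return entry.verdict
    return None

def evaluate(acp, src):
    """Return (action, index of deciding ACP entry) following Table 5-10."""
    for index, entry in enumerate(acp):
        if match_acl(entry.acl, src) == "permit":
            return entry.action, index   # action is performed; search stops
        # Deny match: the ACP action is NOT taken; move to the next ACP entry.
        # Assumption: a packet matching nothing in the ACL is handled the same way.
    return "discard", None               # implicit "discard all" ends the ACP

# Constructed policies; addresses and layout are illustrative only.
LAN_EXCEPT_HOST = [AclEntry("deny", "10.1.1.50/32"), AclEntry("permit", "10.1.1.0/24")]
ANY = [AclEntry("permit", "0.0.0.0/0")]
ONLY_HOST = [AclEntry("permit", "10.1.1.50/32")]

# Written with Cisco access-group habits: the deny is expected to drop the host.
acp_as_written = [AcpEntry("allow", LAN_EXCEPT_HOST), AcpEntry("nat", ANY)]
# Corrected: the host is selected by a permit entry under a discard action.
acp_corrected = [AcpEntry("discard", ONLY_HOST)] + acp_as_written

if __name__ == "__main__":
    for name, acp in (("as written", acp_as_written), ("corrected", acp_corrected)):
        for src in ("10.1.1.50", "10.1.1.7", "192.0.2.9"):
            print(f"{name:10} {src:10} -> {evaluate(acp, src)}")
```

In the policy as written, 10.1.1.50 hits the deny entry, falls through to the second ACP entry and is NATed; only the corrected policy discards it.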

This manual is also suitable for:

Procurve secure router 7203dl j8753a j8753a
