Features Common To All Acls - HP ProCurve 6120G/XG Manual

The subnet mask for this
example is 255.255.255.0.
Because of multinetting,
traffic routed from
10.28.40.17 to 10.28.30.33
18.28.40.17
remains in VLAN C. To
filter inbound traffic from
10.28.40.17, the ACL must
configured on port 3.
Figure 9-1. Example of Filter Applications

Features Common to All ACLs

On any port or static trunk you can apply one ACL to inbound traffic.
■
■ Any ACL can have multiple entries (ACEs).
You can apply any one ACL to multiple ports and trunks.
■
■ A source or destination IP address and a mask, together, can define a
single host, a range of hosts, or all hosts.
Before changing the content of an ACL assigned to one or more ports
■
or trunks, you must first remove the ACL from those ports or trunks.
Every standard ACL includes an implied "deny any" as the last entry,
■
and every extended ACL includes an implied "deny IP any any" as the
last entry. The switch applies this action to any packets that do not
match other criteria in the ACL.
■ In any ACL, you can apply an ACL log function to ACEs that have a
"deny" action. The logging occurs when there is a match on a "deny"
ACE. (The switch sends ACL logging output to Syslog and, optionally,
to a console session.)
Standard and Extended ACL features cannot be combined in one ACL.
■
You can configure ACLs using either the CLI or a text editor. The text-editor
method is recommended when you plan to create or modify an ACL that has
more entries than you can easily enter or edit using the CLI alone. Refer to
"Editing ACLs and Creating an ACL Offline" on page 9-61.
2610Switch with IP Routing
Enabled
10.28.10.5
Port 1
VLAN B
10.28.20.1
(One Subnet)
VLAN C
10.28.40.1
Port 3
(Multiple Subnets)
IPv4 Access Control Lists (ACLs)
Overview
VLAN A
10.28.10.1
(One Subnet)
Port 2
10.28.30.1
Port 4
9-11