Overview; Types Of Ip Acls; Acl Inbound Application Points - ProCurve 2610 Manual

Overview

Types of IP ACLs

Standard ACL: Use a standard ACL when you need to permit or deny traffic
based on source IP address. Standard ACLs are also useful when you need to
quickly control a performance problem by limiting traffic from a subnet, group
of devices, or a single device. (This can block all inbound IP traffic from the
configured source, but does not block traffic from other sources within the
network.) This ACL type uses a numeric ID of 1 through 99 or an alphanumeric
ID string. You can specify a single host, a finite group of hosts, or any host.
Extended ACL: Use extended ACLs whenever simple IP source address
restrictions do not provide the breadth of traffic selection criteria you want
for a port or trunk. Extended ACLs allow use of the following criteria:
Source and destination IP addresses
■
■ TCP application criteria
UDP application criteria
■

ACL Inbound Application Points

You can apply ACL filtering to IP traffic inbound on a physical port or static
trunk with a destination (DA):
■ On another device. (ACLs are not supported on dynamic LACP
trunks.)
On the switch itself. In figure 9-1, below, this would be any of the IP
■
addresses shown in VLANs "A", "B", and "C" on the switch. (IP routing
need not be enabled.)
The switch can apply ACL filtering to traffic entering the switch on ports and/
or trunks configured to apply ACL filters. For example, in figure 9-1 you would
assign an inbound ACL on port 1 to filter a packet from the workstation
10.28.10.5 to the server at 10.28.20.99. Note that all ACL filtering is performed
on the inbound port or trunk. Routing may be enabled or disabled on the
switch, and any permitted inbound traffic may have any valid destination.
Access Control Lists (ACLs)

Overview

9-9