10-69
IPv4 Access Control Lists (ACLs)
Configuring Extended ACLs
[established]
—
This option applies only where TCP is the
configured protocol type. It blocks the synchronizing packet
associated with establishing a TCP connection in one direction
on a VLAN while allowing all other IPv4 traffic for the same
type of connection in the opposite direction. For example, a
Telnet connect requires TCP traffic to move both ways between
a host and the target device. Simply applying a
deny
to inbound
Telnet traffic on a VLAN would prevent Telnet sessions in either
direction because responses to outbound requests would be
blocked. However, by using the
established
option, inbound
Telnet traffic arriving in response to outbound Telnet requests
would be permitted, but inbound Telnet traffic trying to estab-
lish a connection would be denied.
TCP Control Bits.
In a given ACE for filtering TCP traffic
you can configure one or more of these options:
[ ack ]
— Acknowledgement.
[ fin ]
— Sender finished.
[ rst ]
— Connection reset.
[ syn ]
— TCP control bit: sequence number synchronize.
For more on using TCP control bits, refer to RFC 793.
Summary of Contents for E3800 Series
Page 2: ......
Page 3: ...HP Networking E3800 Switches Access Security Guide September 2011 KA 15 03 ...
Page 30: ...xxviii ...
Page 86: ...2 36 Configuring Username and Password Security Password Recovery ...
Page 186: ...4 72 Web and MAC Authentication Client Status ...
Page 364: ...8 32 Configuring Secure Shell SSH Messages Related to SSH Operation ...
Page 510: ...10 130 IPv4 Access Control Lists ACLs General ACL Operating Notes ...
Page 548: ...11 38 Configuring Advanced Threat Protection Using the Instrumentation Monitor ...
Page 572: ...12 24 Traffic Security Filters and Monitors Configuring Traffic Security Filters ...
Page 730: ...20 Index ...
Page 731: ......