IPv4 Access Control Lists (ACLs)
Planning an ACL Application
Before creating and implementing ACLs, you need to define the policies you
want your ACLs to enforce, and understand how the ACL assignments will
impact your network users.
Note
All IPv4 traffic entering the switch on a given interface is filtered by all ACLs
configured for inbound traffic on that interface. For this reason, an inbound
IPv4 packet will be denied (dropped) if it has a match with either an implicit
or explicit deny in any of the inbound ACLs applied to the interface.
(Refer to “Multiple ACLs on an Interface” on page 9-16.)
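The rule in the Note above, as an added example that is not from the ProCurve guide: a simplified Python model in which each inbound ACL is evaluated first-match with an implicit deny at the end, and a packet is forwarded only if every inbound ACL permits it. The ACL names, addresses and the `Ace`/`Packet` types are constructed for illustration and do not reproduce the switch's implementation.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                  # "tcp", "udp", "icmp", ...
    dport: Optional[int] = None

@dataclass(frozen=True)
class Ace:                      # one access control entry (hypothetical model)
    action: str                 # "permit" or "deny"
    src: str                    # source network in CIDR form
    dst: str                    # destination network in CIDR form
    proto: str = "ip"           # "ip" matches any IPv4 protocol
    dport: Optional[int] = None # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("ip", p.proto)
                and self.dport in (None, p.dport))

def acl_verdict(aces, pkt):
    """First matching ACE decides; no match falls through to the implicit deny."""
    for n, ace in enumerate(aces, 1):
        if ace.matches(pkt):
            return ace.action, f"ACE {n}"
    return "deny", "implicit deny"

def inbound_verdict(acls, pkt):
    """Forward only if every inbound ACL permits; name the first ACL that denies."""
    for name, aces in acls.items():
        action, why = acl_verdict(aces, pkt)
        if action == "deny":
            return "deny", f"{name}: {why}"
    return "permit", "all ACLs"

# Constructed sample: two inbound ACLs applied to the same interface.
ACLS = {
    "acl-web": [Ace("permit", "10.1.0.0/16", "10.9.9.10/32", "tcp", 80),
                Ace("permit", "10.1.0.0/16", "10.9.9.10/32", "tcp", 443)],
    "acl-quarantine": [Ace("deny", "10.1.5.0/24", "0.0.0.0/0"),
                       Ace("permit", "0.0.0.0/0", "0.0.0.0/0")],
}
```

A DNS packet from 10.1.2.3 is dropped here by the implicit deny in `acl-web` even though `acl-quarantine` ends with a permit-any entry, which is the planning hazard the Note describes.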
IPv4 Traffic Management and Improved Network Performance
You can use ACLs to block traffic from individual hosts, workgroups, or
subnets, and to block access to VLANs, subnets, devices, and services. Traffic
criteria for ACLs include:
■ Switched and/or routed traffic
■ Any traffic of a specific IPv4 protocol type (0-255)
■ Any TCP traffic (only) for a specific TCP port or range of ports,
  including optional control of connection traffic based on whether the
  initial request should be allowed
■ Any UDP traffic or UDP traffic for a specific UDP port
■ Any ICMP traffic or ICMP traffic of a specific type and code
■ Any IGMP traffic or IGMP traffic of a specific type
■ Any of the above with specific precedence and/or ToS settings
Answering the following questions can help you to design and properly
position IPv4 ACLs for optimum network usage.
HP ProCurve 2910al Switch Access Security Guide, February 2009, W 14 03