10-31
IPv4 Access Control Lists (ACLs)
Planning an ACL Application
Security
ACLs can enhance security by blocking traffic carrying an unauthorized
source IPv4 address (SA). This can include:
■ blocking access from specific devices or interfaces (port or VLAN)
■ blocking access to or from subnets in your network
■ blocking access to or from the internet
■ blocking access to sensitive data storage or restricted equipment
■ preventing specific IPv4, TCP, UDP, IGMP, and ICMP traffic types, including unauthorized access using functions such as Telnet, SSH, and web browser
You can also enhance switch management security by using ACLs to block
IPv4 traffic that has the switch itself as the destination address (DA).
Caution
IPv4 ACLs can enhance network security by blocking selected traffic, and can
serve as one aspect of maintaining network security. However, because ACLs
do not provide user or device authentication, or protection from malicious
manipulation of data carried in IP packet transmissions, they should not
be relied upon for a complete security solution.
Note
Static IPv4 ACLs for the switches covered by this guide do not filter non-IPv4
traffic such as IPv6, AppleTalk, and IPX. RADIUS-assigned ACLs assigned by
a RADIUS server can be configured on the server to filter both IPv4 and IPv6
traffic, but do not filter non-IP traffic.
Guidelines for Planning the Structure of a Static ACL
After determining the filtering type (standard or extended) and ACL application
(RACL, VACL, or static port ACL) to use at a particular point in your
network, determine the order in which to apply individual ACEs to filter IPv4
traffic. (For information on ACL applications, refer to “ACL Applications” on
page 10-13.)
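The ordering decision described above, as an added example that is not part of the HP guide: a small first-match evaluator in Python for an ACL that guards IPv4 traffic whose destination is the switch itself, plus a check for ACEs that an earlier ACE makes unreachable. It assumes the switch applies the first ACE that matches a packet and denies unmatched traffic with an implicit deny at the end of the list; the addresses, ACE fields, and function names are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class ACE(NamedTuple):
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every IPv4 protocol
    src: str                     # source network (CIDR)
    dst: str                     # destination network (CIDR)
    dport: Optional[int] = None  # None matches any destination port

def _net(cidr):
    return ipaddress.ip_network(cidr)

def evaluate(acl, proto, sa, da, dport=None):
    """Action of the first ACE that matches the packet; implicit deny if none does."""
    for ace in acl:
        if (ace.proto in ("ip", proto)
                and ipaddress.ip_address(sa) in _net(ace.src)
                and ipaddress.ip_address(da) in _net(ace.dst)
                and ace.dport in (None, dport)):
            return ace.action
    return "deny"  # assumed implicit deny at the end of every ACL

def shadowed(acl):
    """Indexes of ACEs that can never match because an earlier ACE covers them."""
    hidden = []
    for j, later in enumerate(acl):
        for earlier in acl[:j]:
            if (earlier.proto in ("ip", later.proto)
                    and _net(later.src).subnet_of(_net(earlier.src))
                    and _net(later.dst).subnet_of(_net(earlier.dst))
                    and earlier.dport in (None, later.dport)):
                hidden.append(j)
                break
    return hidden

# Constructed sample values, not taken from the guide.
SWITCH, ADMINS, ANY = "10.10.10.1/32", "10.10.20.0/24", "0.0.0.0/0"
ssh_from_admins = ACE("permit", "tcp", ADMINS, SWITCH, 22)
block_to_switch = ACE("deny", "ip", ANY, SWITCH)
allow_transit = ACE("permit", "ip", ANY, ANY)

PLANNED = [ssh_from_admins, block_to_switch, allow_transit]     # specific ACEs first
MISORDERED = [allow_transit, ssh_from_admins, block_to_switch]  # broad permit first

if __name__ == "__main__":
    telnet = ("tcp", "10.10.30.7", "10.10.10.1", 23)  # Telnet aimed at the switch
    print(evaluate(PLANNED, *telnet), evaluate(MISORDERED, *telnet))
    print(shadowed(PLANNED), shadowed(MISORDERED))
```

Running `shadowed()` over a draft ACL before applying it flags ACEs that will never take effect, which is the usual symptom of a broad entry placed too early.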