Overview; Types of IP ACLs; ACL Inbound and Outbound Application Points - HP ProCurve 5300xl Series Management Manual


Access Control Lists (ACLs) for the Series 5300xl Switches

Overview


Types of IP ACLs

Standard ACL: Use a standard ACL when you need to permit or deny traffic based on source IP address only. Standard ACLs are also useful when you need to quickly control a performance problem by limiting traffic from a subnet, group of devices, or a single device. (This can block all IP traffic from the configured source, but does not hamper traffic from other sources within the network.) This ACL type uses a numeric ID of 1 through 99 or an alphanumeric ID string. You can specify a single host, a finite group of hosts, or any host.

Extended ACL: Extended ACLs are useful whenever simple IP source address restrictions do not provide the breadth of traffic selection criteria you want to exercise on a VLAN interface. Extended ACLs allow use of the following criteria:

  - Source and destination IP addresses
  - TCP application criteria
  - UDP application criteria

Connection-Rate ACL: An optional feature used with Connection-Rate filtering based on virus-throttling technology, and available in 5300xl switches running software release E.09.xx or greater. For more information, refer to the chapter titled "Virus Throttling" in the Access Security Guide for your 5300xl switch.
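
The difference between standard and extended ACLs described above, shown as a small Python model (an added example, not code from the HP manual or the switch software). The Packet and Ace classes, the is_standard and evaluate functions, and all addresses are constructed for illustration; first-match evaluation with an implicit deny at the end of the list is assumed here and is not described in this section.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                      # "tcp", "udp" or another IP protocol name
    dport: Optional[int] = None

@dataclass(frozen=True)
class Ace:                          # one ACL entry (hypothetical model)
    action: str                     # "permit" or "deny"
    src: str = "0.0.0.0/0"          # default: any source
    dst: str = "0.0.0.0/0"          # extended ACLs only
    proto: str = "ip"               # "ip" = any IP traffic; extended only
    dport: Optional[int] = None     # TCP/UDP application port; extended only

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("ip", p.proto)
                and self.dport in (None, p.dport))

def is_standard(acl) -> bool:
    """True if every entry selects on source address only."""
    return all((a.dst, a.proto, a.dport) == ("0.0.0.0/0", "ip", None) for a in acl)

def evaluate(acl, pkt: Packet) -> str:
    """First matching entry decides; no match falls through to the implicit deny."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action
    return "deny"

# Constructed sample data (RFC 5737 documentation addresses).
STANDARD = [Ace("deny", src="192.0.2.0/24"), Ace("permit")]
EXTENDED = [Ace("deny", src="192.0.2.0/24", dst="198.51.100.10/32",
                proto="tcp", dport=23),
            Ace("permit")]
WEB = Packet("192.0.2.15", "198.51.100.10", "tcp", 80)
TELNET = Packet("192.0.2.15", "198.51.100.10", "tcp", 23)
OTHER = Packet("203.0.113.7", "198.51.100.10", "tcp", 23)

if __name__ == "__main__":
    for name, acl in (("standard", STANDARD), ("extended", EXTENDED)):
        print(name, [evaluate(acl, p) for p in (WEB, TELNET, OTHER)])
```

The standard list drops both the web and Telnet packets from the denied subnet, while the extended list drops only the Telnet session to the one server and leaves the subnet's other traffic alone.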

ACL Inbound and Outbound Application Points

You can apply ACL filtering to the following types of traffic:

  - IP traffic routed between different subnets. (IP routing must be enabled.)
  - IP traffic carrying a destination address (DA) on the switch itself. In figure 9-1, below, this is any of the IP addresses shown in VLANs "A", "B", and "C" on the switch. (IP routing need not be enabled.)

The switch can apply ACL filtering to traffic entering or leaving the switch on VLANs configured to apply ACL filters. (When you assign an ACL to a VLAN, you must specify whether the ACL will filter inbound or outbound traffic.) For example, in figure 9-1:
