Product guide

10-11
Access Control Lists (ACLs)
Terminology
ACL: See “Access Control List”.
ACL ID: A number or alphanumeric string used to identify an ACL. A standard
ACL ID can have either an alphanumeric string or a number in the range
of 1 to 99. An extended ACL ID can have either an alphanumeric string or
a number in the range of 100 to 199. See also “Identifier”.
Note: RADIUS-assigned ACLs are identified by client authentication data
and do not use the ACL ID strings described here.
ACL Mask: Follows any IP address (source or destination) listed in an ACE.
Defines which bits in a packet’s corresponding IP addressing must exactly
match the IP addressing in the ACE, and which bits need not match
(wildcards). See also “How an ACE Uses a Mask To Screen Packets for
Matches” on page 10-36.
CIDR: This is the acronym for Classless Inter-Domain Routing.
Connection-Rate ACL: An optional feature used with Connection-Rate
filtering based on virus-throttling technology. For more information, refer
to chapter 3, “Virus Throttling”.
DA: The acronym used in text to represent Destination IP Address. In an IP
packet, this is the destination IP address carried in the header, and
identifies the destination intended by the packet’s originator. In an
extended ACE, this is the second of two IP addresses required by the ACE
to determine whether there is a match between a packet and the ACE. See
also “SA”.
Deny: An ACE configured with this action causes the switch to drop an IP
packet for which there is a match within an applicable ACL.
Dynamic Port ACL: An ACL assigned by a RADIUS server to a port to filter
inbound IP traffic from a client authenticated by the server for that port.
A dynamic port ACL filters all inbound IP traffic, regardless of whether it
is switched or routed. When the client session ends, the dynamic port ACL
for that client is removed from the port.
Extended ACL: This type of Access Control List uses layer-3 IP criteria
composed of source and destination IP addresses and (optionally) TCP/
UDP port, ICMP, IGMP, precedence, or ToS criteria to determine whether
there is a match with an IP packet. Except for RADIUS-assigned ACLs,
which use client credentials for identifiers, extended ACLs require an
alphanumeric name or an identification number (ID) in the range of 100
to 199.
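The mask, deny/permit and extended-ACE entries above describe how an ACE is compared against a packet. The following Python script is an added illustration of those rules and is not code from the product guide or from the switch firmware. It assumes the wildcard-mask convention in which a 0 bit in the mask means the corresponding address bit must match the ACE and a 1 bit is a wildcard, assumes first-match evaluation with a deny when no ACE matches, and uses a constructed extended ACL (ID 101) and constructed sample packets; the `Packet`, `ACE` and `evaluate` names are the example's own.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


def ip_matches(packet_ip: str, ace_ip: str, ace_mask: str) -> bool:
    """True when every non-wildcard bit of packet_ip equals the ACE address.

    Assumed convention: mask bit 0 = must match, mask bit 1 = wildcard.
    """
    p = int(ipaddress.IPv4Address(packet_ip))
    a = int(ipaddress.IPv4Address(ace_ip))
    m = int(ipaddress.IPv4Address(ace_mask))
    keep = ~m & 0xFFFFFFFF          # bits that must match exactly
    return (p & keep) == (a & keep)


def classify_numeric_acl_id(acl_id: int) -> Optional[str]:
    """Map a numeric ACL ID to its type using the ranges stated in the guide."""
    if 1 <= acl_id <= 99:
        return "standard"
    if 100 <= acl_id <= 199:
        return "extended"
    return None


@dataclass
class Packet:
    sa: str                     # source IP address
    da: str                     # destination IP address
    protocol: str               # "tcp", "udp", "icmp", ...
    dport: Optional[int] = None


@dataclass
class ACE:
    action: str                 # "permit" or "deny"
    sa: str
    sa_mask: str
    da: Optional[str] = None    # None for a standard (source-only) ACE
    da_mask: Optional[str] = None
    protocol: Optional[str] = None   # None matches any IP protocol
    dport: Optional[int] = None      # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        if not ip_matches(pkt.sa, self.sa, self.sa_mask):
            return False
        if self.da is not None and not ip_matches(pkt.da, self.da, self.da_mask):
            return False
        if self.protocol is not None and self.protocol != pkt.protocol:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def evaluate(acl: List[ACE], pkt: Packet) -> str:
    """First matching ACE decides; no match is treated as deny (assumption)."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action
    return "deny"


# Constructed extended ACL 101: block Telnet from 10.1.0.0/16 to one host,
# permit everything else from 10.1.0.0/16 to 192.168.5.0/24, deny the rest.
ACL_101 = [
    ACE("deny", "10.1.0.0", "0.0.255.255", "192.168.5.10", "0.0.0.0", "tcp", 23),
    ACE("permit", "10.1.0.0", "0.0.255.255", "192.168.5.0", "0.0.0.255"),
    ACE("deny", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255"),
]

# Constructed sample packets.
SAMPLE_PACKETS = [
    Packet("10.1.7.8", "192.168.5.10", "tcp", 23),    # Telnet to the host
    Packet("10.1.7.8", "192.168.5.10", "tcp", 443),   # HTTPS to the host
    Packet("10.1.7.8", "192.168.6.1", "tcp", 443),    # outside the /24
    Packet("10.9.7.8", "192.168.5.10", "udp", 53),    # source outside /16
]


def sample_decisions() -> List[str]:
    """Evaluate each constructed packet against ACL 101."""
    return [evaluate(ACL_101, pkt) for pkt in SAMPLE_PACKETS]


if __name__ == "__main__":
    print("ACL 101 is", classify_numeric_acl_id(101))
    for pkt, decision in zip(SAMPLE_PACKETS, sample_decisions()):
        print(f"{pkt.sa} -> {pkt.da} {pkt.protocol}/{pkt.dport}: {decision}")
```

Reordering the first two ACEs would let the Telnet packet through, which is the usual way an ACL silently fails review: the mask arithmetic in `ip_matches` is the same, but the first match wins.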