Product guide
10-25
Access Control Lists (ACLs)
Overview
5. Assign the ACLs to the interfaces you want to filter, using the ACL
application (static port ACL, VACL, or RACL) appropriate for each
assignment. (For RADIUS-assigned ACLs, refer to the Note in the table in
step 1 on page 10-24.)
6. If you are using an RACL, ensure that IP routing is enabled on the switch.
7. Test for desired results.
For more details on ACL planning considerations, refer to “Planning an ACL
Application” on page 10-30.
Notes on IP Routing
To activate a RACL to screen inbound IP traffic for routing between subnets,
assign the RACL to the statically configured VLAN on which the traffic enters
the switch. Also, ensure that IP routing is enabled. Similarly, to activate a RACL
to screen routed, outbound IP traffic, assign the RACL to the statically
configured VLAN on which the traffic exits from the switch. A RACL
configured to screen inbound IP traffic with a destination IP address on the
switch itself does not require routing to be enabled. (ACLs do not screen
outbound IP traffic generated by the switch itself. Refer to “ACL Screening of
IP Traffic Generated by the Switch” on page 10-113.)
Caution Regarding the Use of Source Routing
Source routing is enabled by default on the switch and can be used to override
ACLs. For this reason, if you are using ACLs to enhance network security, the
recommended action is to use the no ip source-route command to disable
source routing on the switch. (If source routing is disabled in the
running-config file, the show running command includes “no ip source-route” in the
running-config file listing.)
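The two checks in this section (source routing disabled, and IP routing enabled wherever a RACL is meant to screen routed traffic) can be run against a saved "show running" listing. The script below is an added example, not part of the guide; the sample listing is constructed, and the VLAN block layout and the "ip access-group <name> in|out" RACL syntax are assumptions about how the listing looks.

```python
import re

# Constructed sample of a saved "show running" listing; the VLAN layout and
# the "ip access-group <name> in|out" RACL syntax are assumptions.
SAMPLE_CONFIG = """\
hostname "edge-sw1"
ip routing
vlan 10
   name "Users"
   ip address 10.0.10.1 255.255.255.0
   ip access-group "Users-In" in
   exit
vlan 20
   name "Servers"
   ip address 10.0.20.1 255.255.255.0
   ip access-group "Servers-Out" out
   exit
"""

RACL_RE = re.compile(r'^ip access-group\s+"?([^"\s]+)"?\s+(in|out)$')

def audit_running_config(text):
    """Return a list of findings for the checks described in this section."""
    lines = [ln.strip() for ln in text.splitlines()]
    findings = []
    # Source routing is on by default, so only an explicit "no ip source-route"
    # line in the listing shows that it has been disabled.
    if "no ip source-route" not in lines:
        findings.append("source routing enabled: ACLs can be overridden")
    routing = "ip routing" in lines
    vlan = None
    for ln in lines:
        m = re.match(r"^vlan\s+(\d+)$", ln)
        if m:
            vlan = m.group(1)          # entering a VLAN context block
        elif ln == "exit":
            vlan = None                # leaving the context block
        elif vlan and (r := RACL_RE.match(ln)) and not routing:
            name, direction = r.groups()
            # Without routing, an inbound RACL still screens traffic addressed
            # to the switch; an outbound RACL has no routed traffic to screen.
            scope = ("screens only traffic addressed to the switch itself"
                     if direction == "in" else "screens no routed traffic")
            findings.append(f"vlan {vlan} RACL {name} ({direction}): "
                            f"IP routing disabled, {scope}")
    return findings
```

An empty list means both conditions hold for the listing that was checked; the sample above yields one finding because it lacks "no ip source-route".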