Product guide
Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches
Contents
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-28
Guidelines for Planning the Structure of an ACL . . . . . . . . . . . . . . . 10-29
ACL Configuration and Operating Rules . . . . . . . . . . . . . . . . . . . . . . 10-30
How an ACE Uses a Mask To Screen Packets for Matches . . . . . . . 10-32
What Is the Difference Between Network (or Subnet) Masks and the Masks Used with ACLs? . . . . . . . . . . . . . . . . . . . 10-32
Rules for Defining a Match Between a Packet and an Access Control Entry (ACE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-33
Configuring and Assigning an ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-38
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-38
General Steps for Implementing ACLs . . . . . . . . . . . . . . . . . . . . 10-38
Types of ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-38
ACL Configuration Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-39
Standard ACL Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-40
Extended ACL Configuration Structure . . . . . . . . . . . . . . . . . . . 10-40
ACL Configuration Factors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-42
ACL Resource Consumption . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-42
The Sequence of Entries in an ACL Is Significant . . . . . . . . . . . 10-42
In Any ACL, There Will Always Be a Match . . . . . . . . . . . . . . . . 10-44
A Configured ACL Has No Effect Until You Apply It to an Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-44
Using the CLI To Create an ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-44
General ACE Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-44
Using CIDR Notation To Enter the ACL Mask . . . . . . . . . . . . . . 10-45
Configuring and Assigning a Numbered, Standard ACL . . . . . . . . . 10-47
Configuring and Assigning a Numbered, Extended ACL . . . . . . . . . 10-52
Configuring a Named ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-58
Enabling or Disabling ACL Filtering on an Interface . . . . . . . . . . . . 10-61
Deleting an ACL from the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-62
Displaying ACL Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-62
Display an ACL Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-63
Display the Content of All ACLs on the Switch . . . . . . . . . . . . . . . . . 10-63
Display the ACL Assignments for an Interface . . . . . . . . . . . . . . . . . 10-64
Displaying the Content of a Specific ACL . . . . . . . . . . . . . . . . . . . . . 10-65
Displaying the Current Per-Port ACL Resources . . . . . . . . . . . . . . . 10-67