Product guide
Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches
Note: If a transport error occurs, the switch does not execute the command and the
ACL is not configured.
3. Next, assign the new ACL to the intended interface, which in this example
is port 2.
ProCurve(config)# interface 2 access-group 160 in
4. Inspect the effect of the ACL on the switch’s per-port resources.
ACL 160 used six per-port rules and five ACL masks on port 2. This means that ACL 160 could be
replaced with a larger ACL that uses up to three more masks. The switch reserves eight masks
per port for ACL and IGMP use. (When enabled in a VLAN, IGMP uses one mask per port on all
ports on the switch.)
Figure 10-32. Inspection of Per-Port Resource Usage After Assigning an ACL
5. Inspect the new running configuration:
ProCurve(config)# show running
6. If the configuration appears satisfactory, save it to the startup-config file:
ProCurve(config)# write memory
Enable ACL “Deny” Logging
ACL logging enables the switch to generate a message when IP traffic meets
the criteria for a match with an ACE that results in an explicit “deny” action.
You can use ACL logging to help:
■ Test your network to ensure that your ACL configuration is detecting
and denying the traffic you do not want forwarded