Product guide
Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches
General ACL Operating Notes
ACLs do not provide DNS hostname support.
Protocol Support: ACL criteria include IP, TCP, and UDP. ACLs do not use
these protocols:
■ TOS (Type-of-Service)
■ Precedence
■ MAC information
■ QoS
ACLs do not affect switch serial port access.
ACLs filter both Layer 2 and Layer 3 traffic on a port.
There is no performance degradation with ACLs enabled; traffic is at
line rate.
When the ACL configuration includes TCP or UDP options, the switch
operates in “strict” TCP and UDP mode for increased control. The
switch compares all TCP and UDP packets against the ACLs. (In the ProCurve
Series 9300 Routing Switches, the Strict TCP and Strict UDP modes are
optional and must be specifically invoked.)
Replacing or Adding To an Active ACL Policy. If you assign an ACL to
an interface and subsequently want to add or replace ACEs in that ACL, you
must first remove the ACL from all assigned interfaces.
Note: When an ACE becomes active, it screens the packets resulting from new traffic
connections. It does not screen packets resulting from currently open traffic
connections. If you invoke a new ACE to screen packets in a currently open
traffic connection, you must force the connection to close before the ACE can
begin screening packets from that source.