Access Security Guide K/KA/KB.15.15

NOTE: ACLs for IPv4 configuration and operation. Because the switches covered by this guide
support IPv4/IPv6 dual-stack operation, simultaneous operation of statically configured IPv4 and
IPv6 ACLs is supported in these switches, as well as dynamic (RADIUS-assigned) ACLs capable of
filtering both IPv4 and IPv6 traffic from authenticated clients. However:
IPv4 and IPv6 ACEs cannot be combined in the same static ACL.
IPv4 and IPv6 static ACLs do not filter each other's traffic.
In the following information, unless otherwise noted:
The term “ACL” refers to static IPv4 ACLs.
Descriptions of ACL operation apply only to static IPv4 ACLs.
See “IPv6 Access Control Lists (ACLs)” in the IPv6 Configuration Guide for your switch.
IPv4 filtering with ACLs can help improve network performance and restrict network use by creating
policies for:
Switch Management Access
Permits or denies in-band management access. This includes limiting and/or preventing the
use of designated protocols that run on top of IPv4, such as TCP, UDP, IGMP, ICMP, and others.
Also included are the use of precedence and ToS criteria, and control for application transactions
based on source and destination IPv4 addresses and transport layer port numbers.
Application Access Security
Eliminates unwanted traffic in a path by filtering IPv4 packets where they enter or leave the
switch on specific VLAN interfaces.
IPv4 ACLs can filter traffic to or from a host, a group of hosts, or entire subnets.
NOTE: IPv4 ACLs can enhance network security by blocking selected traffic, and can serve as
part of your network security program. However, because ACLs do not provide user or device
authentication, or protection from malicious manipulation of data carried in IPv4 packet
transmissions, they should not be relied upon for a complete security solution. IPv4 ACLs on the
switches covered by this manual do not filter non-IPv4 traffic such as IPv6, AppleTalk, and IPX
packets.
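The filtering behavior described above (match on protocol, source/destination IPv4 address and mask, and transport port; first matching ACE decides; traffic matching no ACE is dropped by the implicit deny; non-IPv4 traffic such as IPv6 is not inspected at all) modeled in Python. This is an added example, not switch code from the guide; the ACL contents and addresses are constructed.

```python
"""Model of static IPv4 ACL evaluation for a packet arriving inbound on a port."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address
from typing import Optional


@dataclass(frozen=True)
class Ace:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" = any IPv4 protocol; or "tcp", "udp", "icmp", ...
    src: IPv4Network             # source address/mask
    dst: IPv4Network             # destination address/mask
    dport: Optional[int] = None  # destination port; None = any port


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None


def evaluate(acl: list[Ace], pkt: Packet) -> str:
    """Return 'permit', 'deny', or 'not-filtered' for one inbound packet."""
    s, d = ip_address(pkt.src), ip_address(pkt.dst)
    if s.version != 4 or d.version != 4:
        return "not-filtered"        # an IPv4 ACL never examines IPv6 traffic
    for ace in acl:                  # ACEs are checked in order
        if ace.proto != "ip" and ace.proto != pkt.proto:
            continue
        if s not in ace.src or d not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != pkt.dport:
            continue
        return ace.action            # first match wins; later ACEs are ignored
    return "deny"                    # implicit deny at the end of every ACL


# Constructed sample: management access to the switch at 10.10.20.1 is
# allowed only as SSH or ICMP from the admin subnet 10.10.10.0/24.
MGMT_IN = [
    Ace("permit", "tcp", IPv4Network("10.10.10.0/24"), IPv4Network("10.10.20.1/32"), 22),
    Ace("permit", "icmp", IPv4Network("10.10.10.0/24"), IPv4Network("10.10.20.1/32")),
]

if __name__ == "__main__":
    print(evaluate(MGMT_IN, Packet("10.10.10.5", "10.10.20.1", "tcp", 22)))   # permit
    print(evaluate(MGMT_IN, Packet("10.10.10.5", "10.10.20.1", "tcp", 23)))   # deny (implicit)
    print(evaluate(MGMT_IN, Packet("2001:db8::1", "2001:db8::2", "tcp", 22)))  # not-filtered
```

Telnet from the admin subnet is dropped by the implicit deny even though no ACE names it, and the IPv6 packet passes the IPv4 ACL untouched, which is why a separate IPv6 ACL is required for that traffic.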
NOTE: In the information provided here, unless otherwise noted, the term "ACL" refers to static
IPv4 ACLs.
Descriptions of ACL operation apply only to static IPv4 ACLs.
Because the switches covered by this guide support IPv4/IPv6 dual-stack operation, simultaneous
operation of statically configured IPv4 and IPv6 ACLs is supported in these switches, as well as
dynamic (RADIUS-assigned) ACLs capable of filtering both IPv4 and IPv6 traffic from authenticated
clients. However:
IPv4 and IPv6 ACEs cannot be combined in the same static ACL.
IPv4 and IPv6 static ACLs do not filter each other's traffic.
See the chapter titled "IPv6 Access Control Lists (ACLs)" in the IPv6 Configuration Guide for your
switch.
Interface options:
Table 27 Interface options:
Interface | ACL application | Application point | Filter action
Port | Static Port ACL (switch configured) | inbound on the switch port | inbound IPv4 traffic
Port | RADIUS-Assigned ACL (1) | inbound on the switch port used by authenticated client | inbound IPv4 and/or IPv6 traffic from the authenticated client
302 IPv4 Access Control Lists (ACLs)