KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch

161

162

163

164

165

166

167

168

169

170

Using the network in Figure 12 (page 161), a device at 10.10.20.4 on VLAN 20

attempting to ping and Telnet to 10.10.20.12 is filtered through the VACL instance

of the "Test-1" ACL on VLAN 20 and results in the following:

Example 110 Ping and Telnet from 10.10.20.4 to 10.10.20.2 filtered by the assignment of "Test-1"

as an IPv4 VACL on VLAN 20

HP Switch(config)# ping 10.10.20.2

10.10.20.2 is alive, time = 5 ms

HP Switch(config)# telnet 10.10.20.2

Telnet failed: Connection timed out.

HP Switch(config)#

Example 111 Resulting ACE hits on IPv4 ACL “Test-1”

HP Switch(config)# show statistics aclv4 Test-1 vlan 20 vlan

Hit Counts for ACL Test-1

Total

( 5)

10 deny tcp 0.0.0.0 255.255.255.255 10.10.20.2 0.0.0.0 eq

23 log

( 2)

20 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

HP Switch# show statistics aclv4 Test-1 vlan 50 in

Hit Counts for ACL Test-1

Total

( 0)

10 deny tcp 0.0.0.0 255.255.255.255 10.10.20.2 0.0.0.0 eq

23 log

( 0)20 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

Indicates denied attempts to Telnet to 10.10.20.12 filtered by

the instance of the “Test-1” VACL assignment on VLAN 20

Indicates permitted attempts to reach any accessible destination

via the instance of the “Test- 1”VACL assignment on VLAN 20.

In this example, shows the successful pings permitted by ACE

Shows that the hits on the instance of the “Test-1”VACL

assignment on VLAN 20 have no effect on the counters for the

RACL assignment of “Test-1” on VLAN 50

However, using a device at 10.10.30.11 on VLAN 50 for attempts to ping and

Telnet to 10.10.20.12 requires routing and filters the attempts through the RACL

instance of the “Test-1”ACL on VLAN 50.

Example 112 Ping and Telnet from 10.10.30.11 to 10.10.20.2 filtered by the assignment of "Test-1"

as an IPv4 RACL on VLAN 30

HP Switch# ping 10.10.20.2

10.10.20.2 is alive, time = 25 ms

HP Switch# telnet 10.10.20.2

Telnet failed: Connection timed out.

HP Switch#

This action has an identical effect on the counters in all RACL instances of the "Test-1"

ACL configured and assigned to interfaces on the same switch. In this example, it

means that the RACL assignments of "Test-1" on VLANs 50 and 70 are incremented

by the above action occurring on VLAN 50.

162 IPv6 Access Control Lists (ACLs)