BLADE OS™ Application Guide HP GbE2c Ethernet Blade Switch for c-Class BladeSystem Version 5.1 Advanced Functionality Software
Table Of Contents
- Contents
- Figures
- Tables
- Preface
- Part 1: Basic Switching
- Accessing the Switch
- The Management Network
- Local Management Using the Console Port
- The Command Line Interface
- Remote Management Access
- Client IP Address Agents
- Securing Access to the Switch
- Setting Allowable Source IP Address Ranges
- RADIUS Authentication and Authorization
- TACACS+ Authentication
- LDAP Authentication and Authorization
- Secure Shell and Secure Copy
- Configuring SSH/SCP Features on the Switch
- Configuring the SCP Administrator Password
- Using SSH and SCP Client Commands
- SSH and SCP Encryption of Management Messages
- Generating RSA Host and Server Keys for SSH Access
- SSH/SCP Integration with Radius Authentication
- SSH/SCP Integration with TACACS+ Authentication
- End User Access Control
- Ports and Trunking
- Port-Based Network Access Control
- VLANs
- Spanning Tree Protocol
- RSTP and MSTP
- Link Layer Discovery Protocol
- Quality of Service
- Accessing the Switch
- Part 2: IP Routing
- Basic IP Routing
- Routing Information Protocol
- IGMP
- OSPF
- OSPF Overview
- OSPF Implementation in BLADE OS
- OSPF Configuration Examples
- Remote Monitoring
- Part 3: High Availability Fundamentals
- High Availability
- Layer 2 Failover
- Server Link Failure Detection
- VRRP Overview
- Failover Methods
- BLADE OS Extensions to VRRP
- Virtual Router Deployment Considerations
- High Availability Configurations
- High Availability
- Part 4: Appendices
- Index
BLADE OS 5.1 Application Guide
144 Chapter 8: Quality of Service BMD00113, September 2009
Access Control List Groups
An Access Control List Group (ACL Group) is a collection of ACLs. For example:
ACL Groups organize ACLs into traffic profiles that can be more easily assigned to ports. The
GbE2c supports up to 762 ACL Groups.
Note – ACL Groups are used for convenience in assigning multiple ACLs to ports. ACL Groups
have no effect on the ACL order of precedence. All ACLs assigned to the port (whether individually
assigned or part of an ACL Group) are considered as individual ACLs for the purposes of
determining their order of precedence.
Assigning ACLs to a Port
Once you configure an ACL, you must assign the ACL to a port. Each port can accept multiple
ACLs. Note that higher-priority ACLs are considered first, and their action takes precedence over
lower-priority ACLs.
When you assign an ACL to a port, the ACL acts only upon ingress traffic, not egress traffic.
To assign an ACL to a port, use the following command:
To assign an ACL Group to a port, use the following command:
ACL Group 1
ACL 300:
VLAN = 1
SIP = 10.10.10.1 (255.255.255.0)
Action = permit
ACL 301:
VLAN = 2
SIP = 10.10.10.2 (255.255.255.0)
Action = deny
ACL 500:
DIP = 10.10.10.3 (255.255.255.0)
Action = permit
# /cfg/port <x>/aclqos/add acl 130
# /cfg/port <x>/aclqos/add grp 20