BLADE OS™ Application Guide HP GbE2c Ethernet Blade Switch for c-Class BladeSystem Version 5.1 Advanced Functionality Software
Table Of Contents
- Contents
- Figures
- Tables
- Preface
- Part 1: Basic Switching
- Accessing the Switch
- The Management Network
- Local Management Using the Console Port
- The Command Line Interface
- Remote Management Access
- Client IP Address Agents
- Securing Access to the Switch
- Setting Allowable Source IP Address Ranges
- RADIUS Authentication and Authorization
- TACACS+ Authentication
- LDAP Authentication and Authorization
- Secure Shell and Secure Copy
- Configuring SSH/SCP Features on the Switch
- Configuring the SCP Administrator Password
- Using SSH and SCP Client Commands
- SSH and SCP Encryption of Management Messages
- Generating RSA Host and Server Keys for SSH Access
- SSH/SCP Integration with Radius Authentication
- SSH/SCP Integration with TACACS+ Authentication
- End User Access Control
- Ports and Trunking
- Port-Based Network Access Control
- VLANs
- Spanning Tree Protocol
- RSTP and MSTP
- Link Layer Discovery Protocol
- Quality of Service
- Accessing the Switch
- Part 2: IP Routing
- Basic IP Routing
- Routing Information Protocol
- IGMP
- OSPF
- OSPF Overview
- OSPF Implementation in BLADE OS
- OSPF Configuration Examples
- Remote Monitoring
- Part 3: High Availability Fundamentals
- High Availability
- Layer 2 Failover
- Server Link Failure Detection
- VRRP Overview
- Failover Methods
- BLADE OS Extensions to VRRP
- Virtual Router Deployment Considerations
- High Availability Configurations
- High Availability
- Part 4: Appendices
- Index
BLADE OS 5.1 Application Guide
146 Chapter 8: Quality of Service BMD00113, September 2009
ACL Configuration Examples
The following configuration examples illustrate how to use ACLs to block traffic. These basic
configurations illustrate common principles of ACL filtering.
Note – Each ACL filters traffic that ingresses on the port to which the ACL is added. The
egrport classifier filters traffic that ingresses the port to which the ACL is added, and then
egresses the port specified by egrport. In most common configurations, egrport is not used.
ACL Example 1
This example depicts how to configure an ACL to block traffic to a specific host. In this example,
all traffic that ingresses on port 20 is denied if it is destined for the host at IP address 100.10.1.1
1. Configure an Access Control List.
2. Add ACL 1 to port 20.
3. Apply and save the configuration.
ACL Example 2
This example depicts an ACL configuration to block traffic from a network destined for a specific
host address. All traffic that ingresses in port 21 with source IP from the class 100.10.1.0/24 and
destination IP 200.20.2.2 is denied.
>> Main# cfg/acl/acl 400 (Define ACL 400)
>> ACL 400# ipv4/dip 100.10.1.1
Enter destination IP address mask (default 255.255.255.255):
>> Filtering IPv4# ..
>> ACL 400# action deny
>> ACL 400# /cfg/port 20/aclqos (Select port 20 to assign ACLs)
>> Port 20 ACL# add acl 400 (Assign ACL 400 to the port)
>> Port 20 ACL# apply
>> Port 20 ACL# save