BLADE OS™ Application Guide HP GbE2c Ethernet Blade Switch for c-Class BladeSystem Version 5.1 Advanced Functionality Software
Table Of Contents
- Contents
- Figures
- Tables
- Preface
- Part 1: Basic Switching
- Accessing the Switch
- The Management Network
- Local Management Using the Console Port
- The Command Line Interface
- Remote Management Access
- Client IP Address Agents
- Securing Access to the Switch
- Setting Allowable Source IP Address Ranges
- RADIUS Authentication and Authorization
- TACACS+ Authentication
- LDAP Authentication and Authorization
- Secure Shell and Secure Copy
- Configuring SSH/SCP Features on the Switch
- Configuring the SCP Administrator Password
- Using SSH and SCP Client Commands
- SSH and SCP Encryption of Management Messages
- Generating RSA Host and Server Keys for SSH Access
- SSH/SCP Integration with Radius Authentication
- SSH/SCP Integration with TACACS+ Authentication
- End User Access Control
- Ports and Trunking
- Port-Based Network Access Control
- VLANs
- Spanning Tree Protocol
- RSTP and MSTP
- Link Layer Discovery Protocol
- Quality of Service
- Accessing the Switch
- Part 2: IP Routing
- Basic IP Routing
- Routing Information Protocol
- IGMP
- OSPF
- OSPF Overview
- OSPF Implementation in BLADE OS
- OSPF Configuration Examples
- Remote Monitoring
- Part 3: High Availability Fundamentals
- High Availability
- Layer 2 Failover
- Server Link Failure Detection
- VRRP Overview
- Failover Methods
- BLADE OS Extensions to VRRP
- Virtual Router Deployment Considerations
- High Availability Configurations
- High Availability
- Part 4: Appendices
- Index
BLADE OS 5.1 Application Guide
BMD00113, September 2009 Chapter 8: Quality of Service 147
1. Configure an Access Control List.
2. Add ACL 2 to port 21.
3. Apply and save the configuration.
ACL Example 3
This example depicts an ACL configuration to block traffic that is destined to egress a specific port.
In the following configuration, all traffic (Layer 2 known unicast) that ingresses on port 20 from
source MAC 00:21:00:00:00:00 and is destined for port 21 is denied.
1. Configure an Access Control List.
2. Add ACL 3 to port 23.
3. Apply and save the configuration.
>> Main# cfg/acl/acl 401 (Define ACL 401)
>> ACL 401# ipv4/sip 100.10.1.0 255.255.255.0
>> Filtering IPv4# dip 200.20.2.2 255.255.255.255
>> Filtering IPv4# ..
>> ACL 401# action deny
>> ACL 2# /cfg/port 21/aclqos (Select port 21 to assign ACLs)
>> Port 21 ACL# add acl 401 (Assign ACL 2 to the port)
>> Port 21 ACL# apply
>> Port 21 ACL# save
>> Main# /cfg/acl/acl 384 (Define ACL 384)
>> ACL 384# egrport 21
>> ACL 384# action deny
>> ACL 384# /cfg/acl/acl 700 (Define ACL 700)
>> ACL 700# ethernet/smac 002100000000 ffffffffffff
>> Filtering Ethernet# ..
>> ACL 700# action deny
>> ACL 700# /cfg/port 20/aclqos (Select port 20 to assign ACLs)
>> Port 23 ACL# add acl 384 (Assign ACL 384 to the port)
>> Port 23 ACL# add acl 700 (Assign ACL 700 to the port)
>> Port 23 ACL# apply
>> Port 23 ACL# save