Manualshelf

R2511-HP MSR Router Series ACL and QoS Configuration Guide(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router
11121314151617181920
4
For example, if the numbering step is 5 (the default), and there are five ACL rules numbered 0, 5, 9, 10,
and 12, the newly defined rule is numbered 15. If the ACL does not include any rule, the first rule is
numbered 0.
Whenever the step changes, the rules are renumbered, starting from 0. For example, if there are five rules
numbered 5, 10, 13, 15, and 20, changing the step from 5 to 2 causes the rules to be renumbered 0, 2,
4, 6, and 8.
Implementing time-based ACL rules
You can implement ACL rules based on the time of day by applying a time range to them. A time-based
ACL rule only takes effect in any time periods specified by the time range.
The following basic types of time range are available:
Periodic time range—Recurs periodically on a day or days of the week.
Absolute time range—Represents only a period of time and does not recur.
You can specify a time range in ACL rules before or after you create it. However, the rules using the time
range take effect only after you define the time range.
Fragments filtering with ACLs
Traditional packet filtering matches only first fragments of packets, and allows all subsequent non-first
fragments to pass through. Attackers can fabricate non-first fragments to attack networks.
To avoid the risks, the HP ACL implementation does the following:
Filters all fragments by default, including non-first fragments.
Allows for matching criteria modification, for example, filters non-first fragments only.
Configuration task list
Task Remarks
Configuring a time range
Optional.
Applicable to IPv4 and IPv6.
Configuring a WLAN ACL
Required.
Configure at least one task.
Applicable to IPv4 and IPv6 except that simple ACLs
are for IPv6.
Configuring a basic ACL
Configuring an advanced ACL
Configuring a user-defined ACL
Configuring a simple ACL
Configuring an Ethernet frame header ACL
Copying an ACL
Optional.
Applicable to IPv4 and IPv6.
Configuring a time range
You can create a maximum of 256 time ranges, each having a maximum of 32 periodic statements and
12 absolute statements. If a time range has multiple statements, its active period is calculated as follows: