HP VPN Firewall Appliances Access Control Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

Enabling ACL acceleration for an IPv4 basic or IPv4 advanced

ACL

CAUTION:

• ACL acceleration is not available for ACLs that contain a non-contiguous wildcard mask.

• After you modify an ACL with ACL acceleration enabled, disable and re-enable ACL acceleration to

ensure correct rule matching.

ACL acceleration speeds up ACL lookup. The acceleration effect increases with the number of ACL rules.

ACL acceleration uses memory. To achieve the best trade-off between memory and ACL processing

performance, HP recommends enabling ACL acceleration for large ACLs, for example, ACLs containing

more than 50 rules.

For example, when you use a large ACL for a session-based service, such as NAT or ASPF, you can

enable ACL acceleration to avoid session timeouts caused by ACL processing delays.

Enable ACL acceleration in an ACL after you have finished editing ACL rules. ACL acceleration always

uses ACL criteria that have been set before it is enabled for rule matching. It does not synchronize with

any subsequent match criterion changes.

To enable ACL acceleration for an IPv4 basic or IPv4 advanced ACL:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enable ACL

acceleration for an

IPv4 basic or IPv4

advanced ACL.

acl accelerate number

acl-number

By default, the function is disabled.

The ACL must exist.

Only IPv4 basic ACLs and advanced ACLs support

ACL acceleration.

Displaying and maintaining ACLs

Task Command

Remarks

Display configuration and match

statistics for IPv4 basic, IPv4

advanced, and Ethernet frame

header ACLs.

display acl { acl-number | all | name

acl-name } [ | { begin | exclude | include }

regular-expression ]

Available in any view.

Display ACL acceleration

information of the specified or all

ACLs (including IPv4 basic ACLs

and IPv4 advanced ACLs)

display acl accelerate { acl-number | all } [ |

{ begin | exclude | include }

regular-expression ]

Available in any view.

Support for this

command varies by

device model. For more

information, see Access

Control Command

Reference.

Display configuration and match

statistics for IPv6 basic and IPv6

advanced ACLs.

display acl ipv6 { acl6-number | all | name

acl6-name } [ | { begin | exclude | include }

regular-expression ]

Available in any view.