WESM zl Management and Configuration Guide WT.01.03 and greater
Access Control Lists (ACLs)
Overview
You can apply an extended IP ACL to inbound traffic on either a logical (VLAN)
interface or a physical (internal uplink or downlink) interface. Again, an ACL
on a logical interface only affects traffic that the Wireless Edge Services zl
Module actually routes.
MAC Standard ACLs
MAC standard ACLs permit and deny traffic according to the source MAC
address in the frame. The Wireless Edge Services zl Module uses these ACLs
to implement local MAC authentication, restricting access to WLANs according
to stations’ MAC addresses. For more information on these ACLs, see
“MAC Filters (Local MAC Authentication)” on page 12-75 of Chapter 12: “Wireless
Network Management.”
MAC Extended ACLs
MAC extended ACLs permit and deny traffic according to the source and
destination MAC addresses, as well as other information in the MAC header,
such as the encapsulated protocol, the VLAN tag, or the 802.1p priority.
You can apply a MAC extended ACL to inbound traffic on a physical (internal
uplink or downlink) interface.
When you apply the ACL to the uplink interface, the ACL examines the
Ethernet header for traffic that arrives on the uplink port from the wired
network.
When you apply the ACL to the downlink interface, the ACL examines the
encapsulated 802.11 header for traffic that arrives from RPs on the downlink
port. The ACL also examines the Ethernet header after the Wireless Edge
Services zl Module bridges the traffic from the WLAN to the VLAN.
ACL Rules
An ACL consists of one or more rules, which the Wireless Edge Services zl
Module processes in order. Each rule performs two functions:
■ selects traffic according to the filters that you configure
■ performs an operation on the selected traffic
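The following Python sketch is an added example, not code from this guide or from the module itself. It models ordered rule processing for a MAC extended ACL in the uplink (Ethernet header) case only; first-match semantics, the deny result when no rule matches, and the Rule field names are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:                          # hypothetical rule model, not the module's syntax
    action: str                      # "permit" or "deny"
    src: Optional[str] = None        # None means "any"
    dst: Optional[str] = None
    ethertype: Optional[int] = None  # encapsulated protocol
    vlan: Optional[int] = None       # VLAN tag
    priority: Optional[int] = None   # 802.1p priority

FIELDS = ("src", "dst", "ethertype", "vlan", "priority")

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_header(frame: bytes) -> dict:
    """Extract the MAC-header fields that a MAC extended ACL can filter on."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    hdr = {"dst": fmt_mac(frame[0:6]), "src": fmt_mac(frame[6:12]),
           "vlan": None, "priority": None}
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype == 0x8100:              # 802.1Q tag present
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, etype = struct.unpack("!HH", frame[14:18])
        hdr["priority"] = tci >> 13  # top 3 bits carry the 802.1p priority
        hdr["vlan"] = tci & 0x0FFF   # low 12 bits carry the VLAN ID
    hdr["ethertype"] = etype
    return hdr

def evaluate(rules, frame, default="deny"):
    """Walk the rules in order; return (action, index of the matching rule)."""
    hdr = parse_header(frame)
    for i, rule in enumerate(rules):
        if all(getattr(rule, f) in (None, hdr[f]) for f in FIELDS):
            return rule.action, i    # assumed first-match: later rules are skipped
    return default, None             # assumed result when nothing matches

# Constructed sample frames (headers only) and rules, for illustration.
def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

STATION = "00:11:22:33:44:55"
ARP_TAGGED = mac("ff:ff:ff:ff:ff:ff") + mac(STATION) + struct.pack("!HHH", 0x8100, (5 << 13) | 10, 0x0806)
IPV4_UNTAGGED = mac("00:aa:bb:cc:dd:ee") + mac(STATION) + struct.pack("!H", 0x0800)
RULES = [Rule("deny", src=STATION, ethertype=0x0806, vlan=10),
         Rule("permit", src=STATION)]
```

Reversing RULES makes the broad permit match first, so the narrower deny rule is never reached; this is why rule order matters when an ACL is processed in sequence.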