WESM zl Management and Configuration Guide WT.01.03 and greater
7-26
Access Control Lists (ACLs)
Configuring ACLs
Applying ACLs to Interfaces
An ACL does not take effect on the Wireless Edge Services zl Module until you
apply it to an interface. Although you can create and configure many ACLs,
you are limited in the number of ACLs that you can apply:
■ You can apply one IP ACL to each logical (VLAN) interface.
See “IP Settings” on page 6-3 in Chapter 6: “IP Services—IP Settings,
DHCP, and DNS” to learn how to create a VLAN interface.
■ You can apply one IP ACL and one MAC extended ACL to the module’s
internal uplink port.
■ You can apply one IP ACL and one MAC extended ACL to the module’s
internal downlink port.
The Wireless Edge Services zl Module filters all traffic that is inbound to a
physical (uplink or downlink) port with the ACLs applied to that port.
On a logical (VLAN) interface, by contrast, the module filters only traffic
that is inbound to the interface and routed to another interface.
Packets inbound to a VLAN interface include:
■ packets from the wireless network that have been mapped to that
interface
■ packets from the wired network that arrive on that interface
The Wireless Edge Services zl Module has already added the Ethernet header
to traffic that has been mapped to a logical (VLAN) interface. For this reason,
the following rule options take effect only in ACLs applied to a physical port:
■ marking traffic with an 802.1p or DSCP value
■ filtering traffic according to WLAN
If you have configured these options in a rule of an ACL that is applied to a
VLAN interface, that portion of the rule does not take effect. Other options
in the rule take effect normally.
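The limits and the port-only options described above can be checked against a planned set of attachments before anything is applied. The following Python check is an added example, not code from the guide or from the module; the ACL names, interface names and rule field names (`mark_8021p`, `mark_dscp`, `match_wlan`) are hypothetical, and the sample plan is constructed.

```python
from collections import Counter

# Limits stated on this page: ACLs allowed per interface, by ACL type.
LIMITS = {"vlan": {"ip": 1},
          "uplink": {"ip": 1, "mac-ext": 1},
          "downlink": {"ip": 1, "mac-ext": 1}}
# Hypothetical field names for the options that work only on a physical port.
PORT_ONLY = {"mark_8021p", "mark_dscp", "match_wlan"}

def lint_attachments(acls, attachments):
    """acls: {name: {"type": "ip"|"mac-ext", "rules": [dict, ...]}}
    attachments: [(interface, acl_name)], interface "uplink", "downlink" or "vlanN".
    Returns a list of findings (empty when the plan matches the page's rules)."""
    findings, used = [], Counter()
    for iface, name in attachments:
        kind = "vlan" if iface.startswith("vlan") else iface
        acl = acls[name]
        used[iface, acl["type"]] += 1
        allowed = LIMITS.get(kind, {}).get(acl["type"], 0)
        if used[iface, acl["type"]] > allowed:
            findings.append(f"{iface}: {name} exceeds the limit of "
                            f"{allowed} {acl['type']} ACL(s)")
        if kind == "vlan":
            for i, rule in enumerate(acl["rules"], 1):
                inert = sorted(PORT_ONLY.intersection(rule))
                if inert:
                    findings.append(f"{iface}: {name} rule {i}: {', '.join(inert)} "
                                    "ignored on a VLAN interface; rest of rule applies")
    attached = {name for _, name in attachments}
    findings += [f"{n}: not applied to any interface, so it has no effect"
                 for n in sorted(set(acls) - attached)]
    return findings

# Constructed sample plan (not taken from the guide).
ACLS = {
    "guest-in": {"type": "ip", "rules": [
        {"action": "permit", "proto": "udp", "mark_dscp": 46},
        {"action": "deny", "match_wlan": 2}]},
    "mgmt-in": {"type": "ip", "rules": [{"action": "permit", "proto": "tcp"}]},
    "mac-filter": {"type": "mac-ext", "rules": [{"action": "deny", "mark_8021p": 5}]},
    "unused": {"type": "ip", "rules": [{"action": "deny"}]},
}
PLAN = [("vlan10", "guest-in"), ("vlan10", "mgmt-in"),
        ("uplink", "mgmt-in"), ("uplink", "mac-filter")]

if __name__ == "__main__":
    for finding in lint_attachments(ACLS, PLAN):
        print(finding)
```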
To associate an ACL with an interface, complete these steps.
1. Select Security > ACLs and click the Attach tab.