WESM zl Management and Configuration Guide WT.01.28 and greater

7-3
Access Control Lists (ACLs)
Overview
ACL Types
The Wireless Edge Services zl Module supports two basic ACL types:

• IP ACLs—based on the IP header (Layer 3)
  IP ACLs control traffic inbound on an interface. They can apply to the Wireless Edge Services zl Module’s virtual LAN (VLAN) interfaces or to its two physical interfaces: the internal uplink and downlink ports. If applied to a VLAN interface, the IP ACLs control routed traffic. If applied to a physical port, the IP ACLs control inbound traffic on all VLANs tagged for that interface.

• MAC ACLs—based on the Media Access Control (MAC) header (Layer 2)
  Standard MAC ACLs are used for MAC authentication. You can apply extended MAC ACLs to the module’s physical interfaces, but not to its VLAN interfaces. Like IP ACLs, the extended MAC ACLs affect inbound traffic.

Both types of ACLs include two subtypes: standard and extended.
Standard IP ACLs
Standard IP ACLs permit and deny traffic according to source IP addresses. They match inbound traffic based on the following IP header fields:

• source IP address—either any IP address, an individual (“host”) IP address, or all IP addresses in a particular subnetwork
• WLAN index—the index number (1 through 256) of the WLAN through which the packet arrived (for physical interfaces only)

You can apply a standard IP ACL to inbound traffic on either a logical (VLAN) interface or a physical (internal uplink or downlink) interface. When you apply an ACL to a logical interface, the traffic must be routed to be filtered.
Extended IP ACLs
Extended IP ACLs can permit and deny traffic according to more sophisticated criteria than standard IP ACLs. They match inbound traffic based on the following IP header fields:

• source and destination IP address—either any IP address, an individual (“host”) IP address, or all IP addresses in a particular subnetwork
• ICMP message type and code
• TCP and UDP source and destination ports
• WLAN index—the index number (1 through 256) of the WLAN through which the packet arrived (for physical interfaces only)
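The following is an added illustration of the standard and extended IP ACL criteria listed in the two sections above; it is example code written for this guide, not the module's firmware or CLI. It models the three source/destination address forms, the extended-only fields, and the rule that a WLAN index (1 through 256) is only valid on a physical interface. First-match ordering, the default action, the dict field names and the sample addresses are assumptions.

```python
from ipaddress import ip_address, ip_network

# Criteria only an extended IP ACL may use beyond the standard ACL's source
# address and WLAN index (the two lists above); used to reject misuse.
EXTENDED_ONLY = ("dst", "proto", "sport", "dport", "icmp_type", "icmp_code")

def addr_match(spec, addr):
    """spec is 'any', 'host A.B.C.D' or 'A.B.C.D/N' (the three address forms listed)."""
    if spec == "any":
        return True
    if spec.startswith("host "):
        return ip_address(addr) == ip_address(spec[5:])
    return ip_address(addr) in ip_network(spec, strict=False)

def validate(entry, extended, physical):
    """Raise if an entry uses criteria the guide says do not apply here."""
    wlan = entry.get("wlan")
    if wlan is not None and not (physical and 1 <= wlan <= 256):
        raise ValueError("WLAN index 1-256 applies on physical interfaces only")
    if not extended:
        bad = [f for f in EXTENDED_ONLY if f in entry]
        if bad:
            raise ValueError("standard IP ACL cannot match on %s" % bad)

def matches(entry, pkt):
    """True if every criterion present in entry matches pkt (a dict of header fields)."""
    if not addr_match(entry.get("src", "any"), pkt["src"]):
        return False
    if not addr_match(entry.get("dst", "any"), pkt.get("dst", "0.0.0.0")):
        return False
    for f in ("wlan", "proto", "sport", "dport", "icmp_type", "icmp_code"):
        if f in entry and entry[f] != pkt.get(f):
            return False
    return True

def evaluate(acl, pkt, extended, physical, default="deny"):
    """Walk the ACL in order; the first match wins and unmatched traffic gets
    `default`. Ordering and the default are assumptions, not stated in the guide."""
    for entry in acl:
        validate(entry, extended, physical)
        if matches(entry, pkt):
            return entry["action"]
    return default

# Constructed sample: an extended ACL on the downlink (physical) port that
# permits HTTPS from a guest subnet arriving via WLAN 3 and denies the rest of it.
DOWNLINK_ACL = [
    {"action": "permit", "src": "10.20.0.0/16", "proto": "tcp", "dport": 443, "wlan": 3},
    {"action": "deny", "src": "10.20.0.0/16"},
    {"action": "permit"},
]
```

Calling `evaluate` with `extended=False` or `physical=False` makes `validate` reject entries that use extended-only fields or a WLAN index where the guide says they do not apply.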