WESM zl Management and Configuration Guide WT.01.28 and greater

Access Control Lists (ACLs)
Overview
You can apply an extended IP ACL to inbound traffic on either a logical (VLAN)
interface or a physical (internal uplink or downlink) interface. Again, an ACL on a
logical interface only affects traffic that the Wireless Edge Services zl Module
actually routes.
MAC Standard ACLs
MAC standard ACLs permit and deny traffic according to the source MAC address
in the frame. The Wireless Edge Services zl Module uses these ACLs to implement
local MAC authentication, restricting access to WLANs according to stations’ MAC
addresses. For more information on these ACLs, see “MAC Filters (Local MAC
Authentication)” on page 12-75 of Chapter 12: “Wireless Network Management.”
MAC Extended ACLs
MAC extended ACLs permit and deny traffic according to the source and destination
MAC addresses, as well as other information in the MAC header, such as the
encapsulated protocol, the VLAN tag, or the 802.1p priority.
You can apply a MAC extended ACL to inbound traffic on a physical (internal uplink
or downlink) interface.
When you apply the ACL to the uplink interface, the ACL examines the Ethernet
header for traffic that arrives on the uplink port from the wired network.
When you apply the ACL to the downlink interface, the ACL examines the encapsulated 802.11 header for traffic that arrives from RPs on the downlink port. The ACL also examines the Ethernet header after the Wireless Edge Services zl Module bridges the traffic from the WLAN to the VLAN.
ACL Rules
An ACL consists of one or more rules, which the Wireless Edge Services zl Module
processes in order. Each rule performs two functions:
- selects traffic according to the filters that you configure
- performs an operation on the selected traffic
For all ACL types, rules include the following specifications:
- precedence—the order in which the rule is processed
- filters—the criteria by which a rule selects packets
- operation—the action that the Wireless Edge Services zl Module takes on traffic selected by a rule
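The following is an added model, not code from the guide or the module, of how a MAC extended ACL's rules (precedence, filters on the Ethernet-header fields named above, permit/deny operation) are processed in order, first match deciding. The field names, the "lower precedence first" ordering and the deny-when-nothing-matches default are assumptions of this example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple
# Added model of MAC extended ACL processing (precedence-ordered rules, filters on
# Ethernet-header fields, permit/deny operation); not the module's own code.

@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    ethertype: int                   # encapsulated protocol, e.g. 0x0800 = IPv4
    vlan: Optional[int] = None       # 802.1Q VLAN tag, if present
    priority: Optional[int] = None   # 802.1p priority, 0-7

@dataclass
class Rule:
    precedence: int                  # lower value is processed first (assumed)
    operation: str                   # "permit" or "deny"
    src_mac: Optional[str] = None    # None means "match any"
    dst_mac: Optional[str] = None
    ethertype: Optional[int] = None
    vlan: Optional[int] = None
    priority: Optional[int] = None

    def matches(self, f: Frame) -> bool:
        # Every configured filter must match; unset filters match anything.
        def same(want, got):
            if want is None:
                return True
            if isinstance(want, str):
                return want.lower() == got.lower()
            return want == got
        return (same(self.src_mac, f.src_mac) and same(self.dst_mac, f.dst_mac)
                and same(self.ethertype, f.ethertype) and same(self.vlan, f.vlan)
                and same(self.priority, f.priority))

def evaluate(rules: List[Rule], frame: Frame) -> Tuple[str, Optional[int]]:
    """Return (operation, precedence of the deciding rule); first match wins."""
    # Frames matching no rule are denied here: an assumption of this example,
    # not a statement about the module's default.
    for rule in sorted(rules, key=lambda r: r.precedence):
        if rule.matches(frame):
            return rule.operation, rule.precedence
    return "deny", None

# Constructed sample ACL: one station blocked; IPv4 from VLAN 20 and ARP permitted.
SAMPLE_ACL = [
    Rule(10, "deny", src_mac="00:11:22:33:44:55"),
    Rule(20, "permit", ethertype=0x0800, vlan=20),
    Rule(30, "permit", ethertype=0x0806),
]
```

Swapping the precedence of the deny rule and the ARP permit rule changes the verdict for the blocked station's ARP frames, which is why rule order is the first thing to review in an ACL.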