WESM zl Management and Configuration Guide WT.01.28 and greater

Access Control Lists (ACLs)
Configuring ACLs
Applying ACLs to Interfaces
An ACL does not take effect on the Wireless Edge Services zl Module until you apply
it to an interface. Although you can create and configure many ACLs, you are limited
in the number of ACLs that you can apply:
• You can apply one IP ACL to each logical (VLAN) interface.
  See “IP Settings” on page 6-3 in Chapter 6: “IP Services—IP Settings, DHCP,
  and DNS” to learn how to create a VLAN interface.
• You can apply one IP ACL and one MAC extended ACL to the module’s internal
  uplink port.
• You can apply one IP ACL and one MAC extended ACL to the module’s internal
  downlink port.

The Wireless Edge Services zl Module filters all traffic that is inbound to a physical
(uplink or downlink) port with the ACLs applied to that port.

On a logical (VLAN) interface, by contrast, the module filters only traffic that is
inbound to that interface and routed to another interface.

Packets inbound to a VLAN interface include:
• packets from the wireless network that have been mapped to that interface
• packets from the wired network that arrive on that interface

The Wireless Edge Services zl Module has already added the Ethernet header to
traffic that has been mapped to a logical (VLAN) interface. For this reason, the
following rule options take effect only in ACLs applied to a physical port:
• marking traffic with an 802.1p or DSCP value
• filtering traffic according to WLAN

If you have configured these options in a rule of an ACL applied to a VLAN interface,
that portion of the rule does not take effect. Other options in the rule take effect
normally.
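
The following added example (not taken from the guide or the module's software) audits a planned set of ACL attachments against the limits and VLAN-interface behavior described above. The data layout, the key names `type`, `rules`, `mark` and `wlan`, and the sample ACL names are assumptions made for this sketch.

```python
"""Audit planned ACL attachments (added example; the data layout is assumed)."""

PHYSICAL = {"uplink", "downlink"}  # the module's internal ports

def audit(attachments, acls):
    """Return findings for a list of (interface, acl_name) pairs.

    acls maps a name to {"type": "ip" | "mac-extended", "rules": [dict, ...]};
    a rule may carry "mark" (802.1p/DSCP value) and "wlan" (WLAN filter).
    """
    findings, seen = [], {}
    for iface, name in attachments:
        acl, physical = acls[name], iface in PHYSICAL
        if not physical and acl["type"] != "ip":
            findings.append(f"{iface}: {name} is {acl['type']}; only an IP ACL "
                            "is listed for a VLAN interface")
            continue
        key = (iface, acl["type"])
        if key in seen:  # one ACL of each type per interface
            findings.append(f"{iface}: {name} exceeds one {acl['type']} ACL "
                            f"per interface ({seen[key]} already applied)")
            continue
        seen[key] = name
        if physical:
            continue  # marking and WLAN filtering take effect on ports
        for i, rule in enumerate(acl["rules"], 1):
            for opt in ("mark", "wlan"):
                if rule.get(opt) is not None:
                    findings.append(f"{iface}: {name} rule {i}: '{opt}' has no "
                                    "effect on a VLAN interface")
    return findings

# Constructed sample data, not from a real configuration.
SAMPLE_ACLS = {
    "guest-ip": {"type": "ip", "rules": [
        {"action": "deny", "wlan": 2},
        {"action": "permit", "mark": "dscp 46"},
        {"action": "permit"}]},
    "corp-ip": {"type": "ip", "rules": [{"action": "permit"}]},
    "mac-filter": {"type": "mac-extended", "rules": [{"action": "deny"}]},
}
SAMPLE_PLAN = [("uplink", "corp-ip"), ("uplink", "mac-filter"),
               ("uplink", "guest-ip"),    # second IP ACL on the uplink port
               ("vlan10", "guest-ip"),    # rules 1 and 2 carry ignored options
               ("vlan20", "mac-filter")]  # MAC extended ACL on a VLAN interface

if __name__ == "__main__":
    for finding in audit(SAMPLE_PLAN, SAMPLE_ACLS):
        print(finding)
```

A rule flagged for `wlan` deserves review before it is applied: because the other options in the rule still take effect, the rule matches traffic without regard to WLAN.
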
To associate an ACL with an interface, complete these steps.
1. Select Security > ACLs and click the Attach tab.