WESM zl Management and Configuration Guide WT.01.28 and greater

Access Control Lists (ACLs)
Configuring ACLs
3. From the Interface drop-down menu, select one of the following interfaces:
   • uplink—the module’s internal uplink port
   • downlink—the module’s internal downlink port
   • an uplink VLAN configured on the module
4. Select the ACL to control incoming traffic on the selected interface. The options
   available depend on the type of interface:
   • For VLAN interfaces, select an IP-type ACL from the IP ACL drop-down
     menu.
   • For an uplink or downlink port, you can select ACLs from the IP ACL
     drop-down menu, the MAC ACL drop-down menu, or both.
     When you apply both types of ACLs, the Wireless Edge Services zl Module
     processes the MAC extended ACL first, so a rule in the MAC ACL always
     takes precedence over a rule in the IP ACL. However, if a frame is not
     selected by any of the MAC extended ACL’s explicit rules, the module sends
     the frame to be processed by the IP ACL.
5. Click the OK button to apply the ACL.
6. Click the Save link to preserve your configuration.
Using ACLs with DHCP Services
An ACL filters all traffic as soon as it arrives on the interface to which the ACL is
applied. Remember that most wireless stations have no IP address until they receive
one through DHCP. If you have applied an ACL to the VLAN associated with a
WLAN, the module might drop stations’ DHCP requests before they have the chance
to receive a valid address.
To avoid problems, check all ACLs that filter traffic on an interface on which DHCP
requests might arrive: these ACLs must include a rule that permits those requests.
The best way to meet this requirement is to create an extended IP ACL for the VLAN
in question and add a rule that permits any UDP traffic destined to the DHCP server
port (67).
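
The following Python model is an added illustration, not module CLI and not part of the original guide. It shows why a subnet-only ACL drops a station's first DHCP request and how a UDP port 67 rule fixes that. The 10.4.0.0/24 WLAN subnet, the sample packets, first-match evaluation and the implicit deny at the end of the ACL are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")
WLAN = ipaddress.ip_network("10.4.0.0/24")  # constructed WLAN subnet

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "udp", "tcp", or "ip" for any protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None   # None matches any destination port

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int

def evaluate(acl, pkt):
    """First matching rule decides; no match falls to an assumed implicit deny."""
    for rule in acl:
        if (rule.proto in ("ip", pkt.proto)
                and ipaddress.ip_address(pkt.src) in rule.src
                and ipaddress.ip_address(pkt.dst) in rule.dst
                and rule.dport in (None, pkt.dport)):
            return rule.action
    return "deny"

# ACL that only admits traffic sourced from the WLAN subnet.
SUBNET_ONLY = [Rule("permit", "ip", WLAN, ANY)]
# Same ACL with the recommended rule: any UDP traffic to the DHCP server port.
WITH_DHCP = [Rule("permit", "udp", ANY, ANY, 67)] + SUBNET_ONLY

# Constructed packets: a station with no lease sends DHCPDISCOVER from 0.0.0.0.
DISCOVER = Packet("udp", "0.0.0.0", "255.255.255.255", 67)
WEB = Packet("tcp", "10.4.0.23", "192.0.2.10", 443)       # leased station
OFF_SUBNET = Packet("tcp", "172.16.9.9", "192.0.2.10", 443)

def verdicts(acl):
    """Verdicts for DISCOVER, WEB and OFF_SUBNET, in that order."""
    return [evaluate(acl, p) for p in (DISCOVER, WEB, OFF_SUBNET)]

if __name__ == "__main__":
    print("subnet-only ACL:", verdicts(SUBNET_ONLY))
    print("with DHCP rule: ", verdicts(WITH_DHCP))
```

The DHCP rule admits only UDP traffic to port 67, so traffic from outside the WLAN subnet on other ports is still denied.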