WESM zl Management and Configuration Guide WT.01.XX and greater

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

1-41

Introduction

ProCurve Wireless Edge Services zl Module

MAC extended ACLs, like MAC standard ACLs, filter traffic according to

information in the Layer 2 header. However, the extended ACL provides many

more options for filters, including destination MAC address, 802.1p priority

value, and the type of encapsulated protocol. For example, you can permit

IPv4 traffic but drop IPv6 traffic.

The IP ACLs operate at Layer 3. A standard IP ACL filters traffic according to

source IP address only. An extended IP ACL, on the other hand, examines many

fields in the Layer 3 IP header and even the Layer 4 TCP or UDP header. For

example, an extended IP ACL could select traffic associated with a particular

application by specifying the destination TCP or UDP port for that application.

Table 1-3 compares the various types of ACLs.

Table 1-3. ACL Types

The Wireless Edge Services zl Module applies an ACL to traffic that arrives on

a particular interface:

■ You can apply one IP ACL to a VLAN interface. It affects traffic that arrives

on the VLAN interface and is routed to another VLAN.

Traffic arrives on a VLAN interface in these two circumstances:

• The Wireless Edge Services zl Module maps a wireless frame to

that VLAN.

In other words, the module decapsulates the frame received from a

WLAN, removes the 802.11 header, and adds an Ethernet header with

a tag for that VLAN. The VLAN assignment might originate in a static

setting for the entire WLAN or from a dynamic assignment received

from a RADIUS server.

Functionality Standard IP ACLs Extended IP ACLs MAC Standard ACLs MAC Extended ACL

Operates at Layer 3 Layer 3/4 Layer 2 Layer 2

Filters traffic

according to

source address • source address

• destination address

•protocol

• TCP or UDP source

port or destination

port

• ICMP type

source address • source address

• destination address

• encapsulated

protocol

Applies to traffic

• individual VLAN

interface

• physical interface

(uplink or

downlink port)

• individual VLAN

interface

• physical interface

(uplink or downlink

port)

physical interface (uplink

or downlink port)

physical interface (uplink

or downlink port)