Access Control Lists (ACLs) for the Series 5300xl Switches
Introduction
Introduction
This chapter applies only to the Series 5300xl Switches. For ACL operation
on Series 3400cl and Series 6400clswitches, refer to the chapter 10, “Access
Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches”.
Feature Default Menu CLI Web
Numbered ACLs
Standard ACLs None — 9-33 —
Extended ACLs None — 9-38 —
Named ACLs — 9-44 —
Enable or Disable an ACL — 9-46 —
Display ACL Data n/a — 9-48 —
Delete an ACL n/a — 9-47 —
Configure an ACL from a TFTP Server n/a — 9-56 —
Enable ACL Logging n/a — 9-60 —
Layer 3 IP filtering with ACLs on the Series 5300XL switches can help improve
network performance and restrict network use by creating policies for:
■ Switch Management Access: Permits or denies in-band manage-
ment access. This includes preventing the use of certain TCP or UDP
applications (such as Telnet, SSH, web browser, and SNMP) for
transactions between specific source and destination IP addresses.)
■ Application Access Security: Eliminates unwanted IP, TCP, or UDP
traffic in a path by filtering packets where they enter or leave the
switch on specific VLAN interfaces.
ACLs on the 5300xl switches can filter traffic to or from a host, a group of
hosts, or entire subnets.
This chapter describes how to configure, apply, and edit ACLs in a network
populated with HP Series 5300XL switches (with IP routing support enabled)
and how to monitor the results of ACL actions.
Notes ACLs can enhance network security by blocking selected IP traffic, and can
serve as part of your network security program. However, because ACLs do
not provide user or device authentication, or protection from malicious
manipulation of data carried in IP packet transmissions, they should not
be relied upon for a complete security solution.
Series 5300XL ACLs do not screen non-IP traffic such as AppleTalk and IPX.
9-3
To Next Page
Loading...
Need help?
General