EasyManua.ls Logo

HP ProCurve 5300xl Series User Manual

HP ProCurve 5300xl Series
664 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #429 background imageLoading...
Page #429 background image
Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches
Planning an ACL Application on a Series 3400cl or Series 6400cl Switch
and subnet mask are duplicates of the IP address and subnet mask
used for the implicit deny ip any any ACE that the switch automatically
includes at the end of every ACL.
Table 10-3. ACL Rule and Mask Resource Usage
ACE Type Per-Port Rule
Usage
Per-Port
Masks Usage
Standard ACLs
Implicit deny any (automatically included in any standard ACL, but not displayed by
show access-list < acl-# > command).
1 1
First ACE entered 1 1
Next ACE entered with same ACL mask
1
1 0
Next ACE entered with a different ACL mask
1
1 1
Closing ACL with a deny any or permit any ACE having the same ACL mask as the 0 0
preceding ACE
Closing ACL with a deny any or permit any ACE having a different ACL mask than
the preceding ACE
1 1
Extended ACLs
Implicit deny ip an any (automatically included in any standard ACL, but not
displayed by show access-list < acl-# > command).
1 1
First ACE entered 1 1
Next ACE entered with same SA/DA ACL mask and same IP or TCP/UDP protocols
specified
2
1 0
Next ACE entered with any of the following differences from preceding ACE in the
list:
Different SA or DA ACL mask
Different protocol (IP as opposed to TCP/UDP) specified in either the SA or DA
3
1 1
Closing an ACL with a deny ip any any or permit ip any any ACE preceded by an IP
ACE with the same SA and DA ACL masks
0 0
Closing an ACL with a deny ip any any or permit ip any any ACE preceded by an IP
ACE with different SA and/or DA ACL masks
1 1
1
In a given standard ACL, consecutive ACEs must have identical ACL masks in their SA entries to avoid using a separate
per-port mask for each ACE. In a given standard ACL, If two ACEs having identical SA ACL masks are separated by an
ACE with a different SA ACL mask, then three per-port masks are used instead of two; one for each sequential change
in SA ACL masks. Thus, you can conserve per-port resources by grouping SA entries with the same ACL mask together.
2
In a given extended ACL, consecutive ACEs must have the same SA and DA ACL mask and the same protocol application
(IP as opposed to TCP/UDP) to avoid using a separate per-port mask for each ACE. If consecutive ACEs have different
SA or DA ACL masks, or different protocol applications, then each such ACE consumes a separate per-port mask.
3
TCP and UDP are the same for the purpose of determining per-port mask use. Also, actual TCP or UDP port numbers can
vary between ACEs without affecting per-port mask usage. However, if one ACE specifies a TCP/UDP source port and
another does not, another per-port mask will be used.
10-19

Table of Contents

Other manuals for HP ProCurve 5300xl Series

Preview: Access Security Guide
Access Security Guide292 pages
Question and Answer IconNeed help?

Do you have a question about the HP ProCurve 5300xl Series and is the answer not in the manual?

HP ProCurve 5300xl Series Specifications

General IconGeneral
ModelHP ProCurve 5300xl Series
LayerLayer 3
Jumbo Frame SupportYes
SubtypeManaged
ManageableYes
Ports24 or 48
MAC Address Table Size16, 000 entries
Routing ProtocolRIP, OSPF, BGP, PIM
Remote Management ProtocolSNMP, CLI
FeaturesVLAN, QoS
ManagementCLI, Web UI
Operating Temperature0°C to 50°C
Power over Ethernet (PoE)Available on some models
Operating Humidity15% to 95% non-condensing

Summary

2 Static Virtual LANs (VLANs)

Static VLAN Operation

Explains how VLANs form broadcast domains and the operation of port-based VLANs.

VLAN Operation

Details the operation of the default VLAN and multiple port-based VLANs.

VLAN Operating Rules

Covers rules for DHCP/Bootp, per-VLAN features, default VLAN, and port assignments.

General Steps for Using VLANs

Outlines steps for planning VLAN strategy and port assignments.

Configuring VLANs

Details the process of configuring port-based and protocol-based VLAN parameters.

802.1Q VLAN Tagging

Explains the general applications and options of 802.1Q VLAN tagging technology.

VLAN Restrictions

Lists restrictions on port membership, tagging, and routing capabilities.

3 GVRP

General Operation

Explains GVRP's advertisement of static VLANs and dynamic joining of advertised VLANs.

Planning for GVRP Operation

Outlines steps for setting up dynamic VLANs for a network segment.

Configuring GVRP On a Switch

Details how to view, enable, disable, and specify port advertisement handling for GVRP.

Menu: Viewing and Configuring GVRP

Describes using the menu interface to view and configure GVRP.

CLI: Viewing and Configuring GVRP

Describes using the CLI to view and configure GVRP.

Web: Viewing and Configuring GVRP

Describes using the web browser interface to view and configure GVRP.

4 Multimedia Traffic Control with IP Multicast (IGMP)

IGMP General Operation and Features

Explains IGMP general operation and features for multimedia traffic control.

CLI: Configuring and Displaying IGMP

Guides on using CLI commands to configure and display IGMP settings.

Web: Enabling or Disabling IGMP

Explains how to enable or disable IGMP using the web browser interface.

How IGMP Operates

Describes the operation of the Internet Group Management Protocol (IGMP).

Configuring Per-Port Forced Fast-Leave IGMP

Details configuring Forced Fast-Leave IGMP on a per-port basis.

5 PIM-DM (Dense Mode) on the 5300xl Switches

PIM-DM Operation

Explains PIM-DM operation for directing multicast traffic efficiently.

Multicast Flow Management

Provides details on managing forwarding and pruned flows in PIM-DM.

General Configuration Elements

Lists the required elements for PIM-DM configuration.

PIM-DM Operating Rules

Lists operating rules for PIM-DM, including flow capacity and MRT.

Configuring PIM-DM on the Series 5300xl Switches

Details configuration steps at the global and VLAN interface levels.

PIM Global Configuration Context

Explains global configuration parameters for PIM-DM.

PIM VLAN (Interface) Configuration Context

Explains VLAN interface configuration parameters for PIM-DM.

Displaying PIM Data and Configuration Settings on the Series 5300xl Switches

Guides on displaying PIM data and configuration settings.

6 Spanning-Tree Operation

The RSTP (802.1w) and STP (802.1D) Spanning Tree Options

Compares RSTP and STP spanning tree options and their functionalities.

Configuring Rapid Reconfiguration Spanning Tree (RSTP)

Describes the operation and configuration of the IEEE 802.1w Rapid Spanning Tree Protocol.

802.1D Spanning-Tree Protocol (STP)

Menu: Configuring 802.1D STP

CLI: Configuring 802.1D STP

Web: Enabling or Disabling STP

802.1s Multiple Spanning Tree Protocol (MSTP)

How MSTP Operates

Operating Rules

Tips for Planning an MSTP Application

Steps for Configuring MSTP

Outlines general steps for configuring MSTP operation.

Configuring MSTP Operation Mode and Global Parameters

Details configuring MSTP operation mode and global parameters.

Configuring Basic Port Connectivity Parameters

Explains configuring basic port connectivity parameters for MSTP instances.

Configuring MST Instance Parameters

Guides on configuring MST instance parameters and VLAN mapping.

Configuring MST Instance Per-Port Parameters

Details configuring MST instance per-port parameters.

Enabling or Disabling Spanning Tree Operation

Displaying MSTP Statistics and Configuration

Troubleshooting

Offers guidance on troubleshooting MSTP issues like duplicate packets.

8 Quality of Service (QoS): Managing Bandwidth More Effectively

Classifiers for Prioritizing Outbound Packets

Details classifiers used for prioritizing outbound packets on 5300xl and 3400cl/6400cl switches.

Preparation for Configuring QoS

Planning QoS for the Series 3400cl/6400cl Switches

Using QoS Classifiers To Configure Quality of Service for Outbound Traffic

Explains how to use QoS classifiers for outbound traffic priority.

Viewing the QoS Configuration

QoS UDP/TCP Priority

Details assigning 802.1p priority based on TCP or UDP port number.

QoS IP-Device Priority

Explains assigning priority based on IP address (source or destination).

QoS IP Type-of-Service (ToS) Policy and Priority

Covers ToS IP-Precedence and Diffserv modes for packet prioritization.

QoS Layer-3 Protocol Priority (5300xl Switches Only)

QoS VLAN-ID (VID) Priority

Guides on assigning priority based on VLAN-ID.

QoS Source-Port Priority

Explains assigning priority based on the source-port.

Differentiated Services Codepoint (DSCP) Mapping

9 Access Control Lists (ACLs) for the Series 5300xl Switches

The Packet-Filtering Process

Planning an ACL Application

10 Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches

General Steps for Planning and Configuring ACLs

ACL Operation

Planning an ACL Application on a Series 3400cl or Series 6400cl Switch

ACL Resource Usage and Monitoring

Managing ACL Resource Consumption

Troubleshooting a Shortage of Per-Port Resources

Viewing the Current Per-Port Rule and Mask Usage

Security

Guidelines for Planning the Structure of an ACL

ACL Configuration and Operating Rules

How an ACE Uses a Mask To Screen Packets for Matches

Rules for Defining a Match Between a Packet and an Access Control Entry (ACE)

Configuring and Assigning an ACL

Describes the process of configuring and assigning ACLs to interfaces.

General Steps for Implementing ACLs

11 IP Routing Features

IP Route Exchange Protocols

IP Global Parameters for Routing Switches

IP Interface Parameters for Routing Switches

Configuring IP Parameters for Routing Switches

Guides on configuring IP parameters for routing switches.

Configuring IP Addresses

Details configuring IP addresses on routing switch VLAN interfaces.

Changing the Router ID

Configuring ARP Parameters

Guides on configuring ARP parameters.

Configuring Forwarding Parameters

Details configuring forwarding parameters like TTL and directed broadcasts.

Configuring ICMP

Covers configuring ICMP limits and disabling messages.

Configuring Static IP Routes

Guides on configuring static IP routes.

Configuring a Static IP Route

Details the process of configuring a static IP route.

Configuring the Default Route

Configuring a “Null” Route

Configuring RIP

Describes how to configure RIP using the CLI interface.

Configuring RIP Parameters

Guides on configuring RIP parameters system-wide and per VLAN.

Configuring RIP Redistribution

Details configuring routing switches to redistribute routes into RIP.

Displaying RIP Information

Configuring OSPF

Describes how to configure OSPF using the CLI interface.

Configuring OSPF

Outlines steps for beginning OSPF usage on the switch.

Displaying OSPF Information

Configuring IRDP

Explains how to configure IRDP for advertising router interfaces.

Enabling IRDP Globally

Enabling IRDP on an Individual VLAN Interface

Configuring DHCP Relay

Describes DHCP relay configuration.

DHCP Packet Forwarding

Minimum Requirements for DHCP Relay Operation

Enabling DHCP Relay

Guides on enabling DHCP Relay.

Configuring a Helper Address

Details configuring helper addresses for VLANs.

UDP Broadcast Forwarding on 5300xl Switches

Explains UDP broadcast forwarding on 5300xl switches.

Configuring and Enabling UDP Broadcast Forwarding

Guides on configuring and enabling UDP broadcast forwarding.

Displaying the Current IP Forward-Protocol Configuration

Configuring Static Network Address Translation (NAT) for Intranet Applications on the 5300xl Switches

Details configuring Static NAT for intranet applications.

Static NAT Operating Rules

Configuring Static NAT

Guides on configuring static NAT.

Displaying Static NAT Statistics and Configuration

12 Router Redundancy Using XRRP

Overview of XRRP Operation

XRRP During Normal Router Operation

XRRP Fail-Over Operation

Explains how routing functions transfer when a router in the Protection Domain fails.

Configuring XRRP

Guides on performing XRRP configuration via the switch console CLI.

Customizing the XRRP Configuration

Covers customizing XRRP configuration using command options.

Enabling and Disabling XRRP

Details enabling and disabling XRRP on the switch.

Configuration Rules

Configuration Examples

Displaying XRRP Data

13 Stack Management for the Series 3400cl and 6400cl Switches

General Stacking Operation

Operating Rules for Stacking

Configuring Stack Management

Details the process of configuring and bringing up a stack.

Using the Menu Interface To View Stack Status and Configure Stacking

Using the Commander To Manage The Stack

Explains how the Commander manages the stack, members, and access.

Monitoring Stack Status

Using the CLI To View Stack Status and Configure Stacking

Using the CLI To Configure a Commander Switch

Details configuring a switch as a Commander.

Adding to a Stack or Moving Switches Between Stacks

Using the CLI To Remove a Member from a Stack

Using the CLI To Access Member Switches for Configuration Changes and Traffic Monitoring

Explains how to access member switches via the Commander for configuration and monitoring.

Using the CLI To Disable or Re-Enable Stacking

Related product manuals