IPv4 Access Control Lists (ACLs)
Overview of Options for Applying IPv4 ACLs on the Switch
Overview of Options for Applying IPv4
ACLs on the Switch
To apply IPv4 ACL filtering, assign a configured IPv4 ACL to the interface on
which you want traffic filtering to occur. Port traffic ACLs can be applied
either statically or dynamically (using a RADIUS server).
Static ACLS
Static ACLs are configured on the switch. To apply a static ACL, you must
assign it to an interface. A static port ACL is an ACL configured on a port to
filter traffic entering the switch on that port, regardless of whether the traffic
is routed, switched, or addressed to a destination on the switch itself.
Dynamic Port ACLs
A dynamic port ACL is configured on a RADIUS server for assignment to a
given port when the server authenticates a specific client on that port. When
the server authenticates a client associated with that ACL, the ACL is assigned
to the port the client is using. The ACL then filters the IP traffic received
inbound on that port from the authenticated client. When the client session
ends, the ACL is removed from the port. The switch allows as many dynamic
port ACLs on a port as it allows authenticated clients.
Note This chapter describes the IPv4 ACL applications you can statically configure
on the switch. For information on dynamic port ACLs assigned by a RADIUS
server, refer to chapter 6, “Configuring RADIUS Server Support for Switch
Services”.
Table 9-1. Command Summary for Standard IPv4 ACLs
Action Command(s) Page
Create a Standard,
ProCurve(config)# ip access-list standard < name-str >
9-46
Named ACL
ProCurve(config-std-nacl)# < deny | permit >
or
< any | host <SA > | SA/< mask-length > | SA < mask >>
1
Add an ACE to the End
[log]
2
of an Existing Stan-
dard, Named ACL
9-6
