HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 341
Planning an ACL Application, Switch Resource Usage, Prioritizing and Monitoring ACL and QoS
IPv4 Access Control Lists (ACLs)
Planning an ACL Application

Overriding the Implicit "Deny Any"

If you want an ACL to permit any inbound packets that are not explicitly denied by other entries in the ACL, you can do so by configuring a permit any entry as the last entry in the ACL. Doing so permits any packet not explicitly denied by earlier entries. (On extended ACLs, you must configure permit ip any any.)

Planning an ACL Application

Before creating and implementing ACLs, you should understand the switch resources available to support ACL operation, define the policies you want your ACLs to enforce, and understand how your ACLs will impact your network users.

Switch Resource Usage

ACLs load resources in ways that require more careful attention to resource usage when planning a configuration using these features. Otherwise, there is an increased possibility of fully consuming some resources, which means that at some point the switch would not support further ACL configurations. This section describes resource planning for ACLs on your switch.

Prioritizing and Monitoring ACL and QoS Feature Usage

If you want to configure ACLs on your switch, plan and implement your configuration in descending order of feature importance. This will help to ensure that the most important features are configured first. Also, if insufficient resources become a problem, this approach can help you recognize how to distribute the desired feature implementations across multiple switches to achieve your objectives.

ACL Resource Usage and Monitoring

ACL configurations use internal rules on a per-device basis. There are 128 rules available for configuring ACLs with the CLI and 128 rules available for configuring ACLs with IDM. You can apply a CLI ACL and an IDM ACL on the same port at the same time. The switch uses resources required by the ACEs in an ACL when you apply the ACL to one or more port and/or static trunk interfaces.

9-17
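The following added example (not from the HP manual or the switch firmware) models the two points above: first-match evaluation ending in the implicit "deny any" versus an explicit trailing permit entry, and a planning check of applied ACEs against the 128-rule CLI pool. The one-rule-per-ACE accounting and the sample networks are assumptions for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed model of first-match ACL evaluation with the switch's implicit
# "deny any" at the end, plus a simple rule-budget check. Not the switch's own
# code; the one-rule-per-ACE accounting is an assumption, not documented here.

CLI_RULE_BUDGET = 128  # rules available for CLI-configured ACLs (from the manual)


@dataclass
class ACE:
    action: str          # "permit" or "deny"
    src: str = "any"     # source network in CIDR form, or "any"
    dst: str = "any"     # destination network in CIDR form, or "any"


def _match(pattern, addr):
    return pattern == "any" or ip_address(addr) in ip_network(pattern)


def evaluate(acl, src, dst):
    """Return the action of the first matching ACE; otherwise the implicit deny."""
    for ace in acl:
        if _match(ace.src, src) and _match(ace.dst, dst):
            return ace.action
    return "deny"  # implicit "deny any": no explicit entry matched the packet


def with_permit_any(acl):
    """Append the explicit 'permit ip any any' so unmatched packets are permitted."""
    return acl + [ACE("permit")]


def rules_needed(applied_acls):
    """Count ACEs consumed by ACLs applied to ports or trunks (one rule per ACE, assumed)."""
    return sum(len(acl) for acl in applied_acls)


def fits_budget(applied_acls, budget=CLI_RULE_BUDGET):
    """True when the applied ACLs fit within the rule pool."""
    return rules_needed(applied_acls) <= budget


# Constructed sample ACL: block one subnet, permit a server subnet, nothing else.
SAMPLE_ACL = [
    ACE("deny", src="10.10.20.0/24"),
    ACE("permit", src="10.10.10.0/24", dst="192.168.1.0/24"),
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_ACL, "172.16.0.5", "192.168.1.10"))                   # deny
    print(evaluate(with_permit_any(SAMPLE_ACL), "172.16.0.5", "192.168.1.10"))  # permit
    print(rules_needed([SAMPLE_ACL] * 65), fits_budget([SAMPLE_ACL] * 65))      # 130 False
```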