Using acl groups – HP 445946-001 User Manual

Quality of Service

90

Using ACL Groups

Access Control Lists (ACLs) allow you to classify packets according to a particular content in the packet

header, such as the source address, destination address, source port number, destination port number,

and others. Packet classifiers identify flows for more processing.
You can define a traffic profile by compiling a number of ACLs into an ACL Group, and assigning the

ACL Group to a port.
ACL Groups are assigned and enabled on a per-port basis. Each ACL can be used by itself or in

combination with other ACLs or ACL Groups on a given switch port.
ACLs can be grouped in the following manner:

•

Access Control Lists
Access Control Lists (ACLs) allow you to classify packets according to a particular content in the
packet header, such as the source address, destination address, source port number, destination port

number, and others. Packet classifiers identify flows for more processing.
The HP 10GbE switch supports up to 384 ACLs. Each ACL defines one filter rule. Each filter rule is a
collection of matching criteria, and can include an action (permit or deny the packet). For example:

ACL 200:
VLAN = 1
SIP = 10.10.10.1 (255.255.255.0)
Action = permit

•

Access Control Groups
An Access Control Group (ACL Group) is a collection of ACLs. For example:

ACL Group 1

ACL 382:
VLAN = 1
SIP = 10.10.10.1 (255.255.255.0)
Action = permit

ACL 383:
VLAN = 2
SIP = 10.10.10.2 (255.255.255.0)
Action = deny

ACL 384:
PRI = 7
DIP = 10.10.10.3 (255.255.0.0)
Action = permit

In the example above, each ACL defines a filter rule. ACL 383 has a higher precedence than
ACL 382, based on its number.
Use ACL Groups to create a traffic profile by gathering ACLs into an ACL Group, and assigning the
ACL Group to a port. The HP 10GbE switch supports up to 384 ACL Groups. Each ACL group

supports up to 96 ACLs.