General acl operating notes – HP 6200YL User Manual


IPv6 Access Control Lists (ACLs)

General ACL Operating Notes

ACLs do not provide DNS hostname support. ACLs cannot be configured
to screen hostname IP traffic between the switch and a DNS.

ACLs Do Not Affect Serial Port Access. ACLs do not apply to the
switch’s serial port.

ACL Logging. The ACL logging feature generates a message only when
packets are explicitly denied as the result of a match, and not when
explicitly permitted or implicitly denied. To help test ACL logging,
configure the last entry in an ACL as an explicit deny statement with
a log statement included, and apply the ACL to an appropriate port or
VLAN.

Logging enables you to selectively test specific devices or groups.
However, excessive logging can affect switch performance. For this
reason, ProCurve recommends that you remove the logging option
from ACEs for which you do not have a present need. Also, avoid
configuring logging where it does not serve an immediate purpose.
(Note that ACL logging is not designed to function as an accounting
method.) See also “Apparent Failure To Log All ‘Deny’ Matches” in the
section titled “ACL Problems”, found in appendix C, “Troubleshooting”
of the latest Management and Configuration Guide for your switch.

When configuring logging, you can reduce excessive resource use by
configuring the appropriate ACEs to match with specific hosts instead
of entire subnets. (For more on resource usage, refer to “Monitoring
Shared Resources” on page 8-103.)
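The following configuration sketch is an added example, not taken from the manual. It applies the two logging recommendations above: a logged deny matched to a single host instead of its subnet, and an explicit final deny with log for testing. The ACL name, VLAN ID and 2001:db8:: addresses are constructed placeholders, and lines beginning with ";" are annotations for the reader, not commands to enter.

```text
; Constructed example: "Log-Test", VLAN 20 and all addresses are placeholders.
ipv6 access-list "Log-Test"
   ; Logged deny scoped to one host, not the whole /64, to limit log volume.
   deny ipv6 host 2001:db8:0:20::15 any log
   ; Remaining hosts in the subnet are permitted; permits never generate log messages.
   permit ipv6 2001:db8:0:20::/64 any
   ; Explicit final deny with log. Without this entry, unmatched packets fall
   ; through to the implicit deny, which drops them without any log message.
   deny ipv6 any any log
   exit
; Apply the ACL to a VLAN so that it screens traffic.
vlan 20 ipv6 access-group "Log-Test" vlan
```

Once testing is complete, remove the log option from the final entry if it no longer serves an immediate purpose.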

Minimum Number of ACEs in an IPv6 ACL. An IPv6 ACL must include at
least one ACE to enable traffic screening. An IPv6 ACL can be created
“empty”; that is, without any ACEs. However, if an empty ACL is applied
to an interface, the Implicit Deny function does not operate, and the
ACL has no effect on traffic.

Monitoring Shared Resources. Applied ACLs share internal switch
resources with several other features. However, if the internal resources
become fully subscribed, additional ACLs cannot be applied until the
necessary resources are released from other applications. For information on
determining current resource availability and usage, refer to appendix E,
