Leaflet for HP ProCurve Wireless Edge Services xl Module J9001A
Models
J9001A
5. Once this ACL is ready, it should look like Figure 3 on your screen.
Figure 3: L2 ACL setup complete
Setting up the L2 ACL on the CLI
If you want or need to set the L2 ACL through the command line interface, connect to your Wireless Edge Services
Module CLI and enter the configuration mode (refer to the user manual if you have doubts about how
this is done). Once you are connected, follow these steps.
1. Type “mac access-list extended” (without the quotes) followed by an ID for the ACL. This ID has to be outside the
ranges 1-199 and 1300-2699; I will select 210 for this example. Then press Enter, and you will enter a
configuration mode where you enter the rules for this ACL.
2. In this new mode, enter the following command without the quotes: “permit any type arp rule-precedence
10” and press Enter.
3. Type “exit” without the quotes and then hit Enter.
4. You are done. You can refer to Figure 4 to check the previous steps.
5. You can check which MAC ACLs are set in your WESM with the command “show mac access-list”. See
Figure 5 for an example.
Figure 4: Setting the L2 ACL on the CLI
Figure 5: Viewing all the MAC ACLs on the CLI
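The following Python script is an added example, not part of the original guide or of HP's tooling. It checks a saved copy of the commands from steps 1-3 against the two requirements stated above: the ACL ID must lie outside 1-199 and 1300-2699, and the ACL must contain the ARP permit rule. The function names and the sample text are constructed for illustration, and the input is assumed to be the commands exactly as typed at the CLI, one per line.

```python
import re

# ID ranges the guide says a MAC extended ACL must NOT use.
RESERVED_ID_RANGES = [(1, 199), (1300, 2699)]
ACL_HEADER = re.compile(r"^mac access-list extended (\S+)$")


def parse_mac_acls(config_text):
    """Return {acl_id: [rule lines]} for each 'mac access-list extended' block."""
    acls, current = {}, None
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise indentation and spacing
        header = ACL_HEADER.match(line)
        if header:
            current = header.group(1)
            acls.setdefault(current, [])
        elif line == "exit" or not line:
            current = None  # step 3: 'exit' leaves the ACL configuration mode
        elif current is not None:
            acls[current].append(line)
    return acls


def lint_mac_acls(config_text):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    for acl_id, rules in parse_mac_acls(config_text).items():
        if not acl_id.isdigit():
            findings.append(f"ACL {acl_id}: ID is not numeric")
        elif any(lo <= int(acl_id) <= hi for lo, hi in RESERVED_ID_RANGES):
            findings.append(f"ACL {acl_id}: ID falls in a reserved range")
        # The rule from step 2, matched without its precedence value.
        if not any(r.startswith("permit any type arp") for r in rules):
            findings.append(f"ACL {acl_id}: no ARP permit rule")
    return findings


# Constructed sample: the first block is the ACL built in steps 1-3,
# the second is a deliberately wrong one (reserved ID, no rules).
SAMPLE_CONFIG = """
mac access-list extended 210
 permit any type arp rule-precedence 10
exit
mac access-list extended 150
exit
"""

if __name__ == "__main__":
    for finding in lint_mac_acls(SAMPLE_CONFIG):
        print(finding)
```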
Below are some examples of scenarios that will help you understand how to configure ACLs on the uplink port.
Please note that all of them will use the MAC Extended List that we created above, so it’s a good idea to have
it created before starting the next section.
Example case 1: Denying ping to a specific host.
In this scenario we will deny ping from any wireless station to a specific wired host. Once you learn how to
do this, applying it to several specific hosts will be easy.
Steps to follow on the Web UI
Preparing the ACLs:
To block ping traffic we have to create an L3 ACL that blocks the ICMP protocol. To do this, follow these steps.
1. Navigate to the Security hash, select the ACLs node and click the Add button on the lower right of the
ACLs box section.
2. A popup window will appear, select Extended IP List from the dropdown menu and give the ACL an ID in
the indicated range. You can look at Figure 6 for an example.
3. Select the recently created Extended IP List and click the Add button on the lower left side of the Associated
Rules section.