Leaflet for HP ProCurve Wireless Edge Services xl Module J9001A

Once you have completed this step, apply the ACL as indicated in the previous subsections and try pinging 
again. If the ping fails, everything is in line. Then take the ACLs off the uplink port and ping again to be sure that 
it works correctly, and you are done testing.
Example case 2: Denying a ping to any host.
In this scenario we will deny the ping from any wireless station to any wired host. 
Steps to follow on the Web UI
Preparing the ACLs: 
To block ping traffic we have to create an L3 ACL that blocks the ICMP protocol, similar to example case 1. To do 
this, follow these steps.
1.  Navigate to the Security hash, select the ACLs node and click the Add button on the lower right of the 
ACLs box section.
2.  A popup window will appear, select Extended IP List from the dropdown menu and give the ACL an ID in 
the indicated range. 
3.  Select the recently created Extended IP List and click the Add button on the lower left side of the Associated 
Rules section.
4.  Set a precedence number, select “deny” as the operation, select “icmp” as the protocol, select “any” for the 
destination and source wildcards, and finally click OK to save the rule. With this rule none of the wireless
stations will be able to ping any network device on the wired network, nor will any wired device be able 
to ping your wireless stations. Check Figure 13 to see how this should look.
5.  Click the Add button again and in the popup window set a precedence number higher than the previous rule 
(for example, if you selected 10 for the first one, select 11, 12 or another number above 10). Select “permit” 
as the operation, select “ip” as the protocol, use “any” as the source and destination wildcards and finally 
click OK. This rule is necessary because if you don’t set it, the implicit deny all rule will take effect over
all the traffic that flows inbound to the WESM through its uplink port. As a result, you will lose your web 
communication with the WESM and your wireless clients won’t be able to receive any packets from the 
wired side of the network.
6.  Once this ACL is ready, it should look like Figure 14 on your screen.
Figure 13: Setting up the ICMP deny any any rule
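
The rule ordering described in steps 4 and 5, modelled as an added example (not code from the HP document or the WESM): a simplified first-match evaluator showing which traffic the implicit deny drops when the permit ip any any rule is missing. It assumes rules are evaluated in ascending precedence number with the first match deciding; the packet addresses are constructed.

```python
# Added illustration: a simplified model of ordered ACL evaluation, not WESM code.
# Assumption: rules are checked in ascending precedence and the first match wins;
# a packet that matches no rule is dropped by the implicit deny-all.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    precedence: int
    action: str    # "permit" or "deny"
    protocol: str  # "ip" matches every IP protocol; otherwise exact match (e.g. "icmp")
    src: str = "any"
    dst: str = "any"

def _addr_match(rule_addr, pkt_addr):
    return rule_addr == "any" or rule_addr == pkt_addr

def evaluate(rules, protocol, src, dst):
    """Return (action, precedence) of the deciding rule; precedence None = implicit deny."""
    for rule in sorted(rules, key=lambda r: r.precedence):
        proto_ok = rule.protocol in ("ip", protocol)
        if proto_ok and _addr_match(rule.src, src) and _addr_match(rule.dst, dst):
            return rule.action, rule.precedence
    return "deny", None

# Step 4 only: the ICMP deny rule on its own.
DENY_ICMP_ONLY = [Rule(10, "deny", "icmp")]
# Steps 4 and 5: ICMP deny followed by permit ip any any at a higher precedence number.
COMPLETE_ACL = DENY_ICMP_ONLY + [Rule(11, "permit", "ip")]

# Constructed sample traffic (addresses are made up for the example).
SAMPLE_PACKETS = [
    ("icmp", "10.0.1.50", "10.0.0.20"),  # wireless station pings a wired host
    ("icmp", "10.0.0.20", "10.0.1.50"),  # wired host pings a wireless station
    ("tcp", "10.0.0.5", "10.0.0.2"),     # admin workstation to the WESM web UI
    ("udp", "10.0.0.1", "10.0.1.50"),    # wired server to a wireless client
]

def decisions(rules):
    """Evaluate every sample packet against the given rule list."""
    return [evaluate(rules, *pkt) for pkt in SAMPLE_PACKETS]

if __name__ == "__main__":
    for name, acl in (("deny icmp only", DENY_ICMP_ONLY), ("complete ACL", COMPLETE_ACL)):
        print(name)
        for pkt, (action, prec) in zip(SAMPLE_PACKETS, decisions(acl)):
            source = f"rule {prec}" if prec is not None else "implicit deny"
            print(f"  {pkt[0]:4} {pkt[1]} -> {pkt[2]}: {action} ({source})")
```

With only the deny rule, the TCP and UDP packets fall through to the implicit deny, which is the loss of web management and wired-to-wireless traffic that step 5 warns about.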