User Manual
IPv6 Access Control Lists (ACLs)
Configuring and Assigning an IPv6 ACL
General ACE Rules
These rules apply to all ACEs you create or edit using the CLI:
Adding or Inserting an ACE in an ACL. To add an ACE to the end of an
ACL, use the ipv6 access-list < name-str > command to enter the context for a
specific IPv6 ACL. (If the ACL does not already exist in the switch
configuration, this command creates it.) Then enter the text of the ACE without
specifying a sequence number. For example, the following pair of commands
enters the context of an ACL named “List-1” and adds a “permit” ACE to the end
of the list. This new ACE permits the IPv6 traffic from the device at
2001:db8:0:a9::8d:100 to go to all destinations.
ProCurve(config)# ipv6 access-list List-1
ProCurve(config-ipv6-acl)# permit ipv6 host 2001:db8:0:a9::8d:100 any
To insert an ACE anywhere in an existing ACL, enter the context of the ACL
and specify a sequence number. For example, to insert a new ACE as line 15
between lines 10 and 20 in an existing ACL named “List-2” to deny traffic from
the device at 2001:db8:0:a9::8d:77, you would use the following commands:
ProCurve(config)# ipv6 access-list List-2
ProCurve(config-ipv6-acl)# 15 deny ipv6 host 2001:db8:0:a9::8d:77 any
To Delete an ACE. Enter the ACL context and delete the sequence number
for the unwanted ACE. (To view the sequence numbers of the ACEs in a list,
use show access-list < acl-name-str > config.) For example, to delete the ACE
at line 40 in an ACL named “List-2”, you would enter the following commands:
ProCurve(config)# ipv6 access-list List-2
ProCurve(config-ipv6-acl)# no 40
Duplicate ACE Sequence Numbers. Duplicate sequence numbers for ACEs are
not allowed in the same ACL. Attempting to enter an ACE with a duplicate
sequence number displays the Duplicate sequence number message.
Using CIDR Notation To Enter the IPv6 ACL Prefix Length
CIDR (Classless Inter-Domain Routing) notation is used to specify ACL prefix
lengths. The switch compares the address bits specified by a prefix length for
an SA or DA in an ACE with the corresponding address bits in a packet being
filtered by the ACE. If the designated bits in the ACE and in the packet have
identical settings, then the addresses match.
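
The following Python model is an added example, not switch firmware or code from this manual. It shows the prefix-bit comparison described above together with the sequence-number rules (append, insert, duplicate rejection, delete), and why the insert position matters when a host deny overlaps a broader permit. Assumptions: appended ACEs are numbered in steps of 10, ACEs are evaluated in ascending sequence order with the first match deciding, and the /64 permit at line 20 is a constructed sample entry.

```python
import ipaddress

def operand(text):
    """Turn an ACE operand ('any', 'host <addr>', '<addr>/<len>') into a network."""
    if text == "any":
        return ipaddress.IPv6Network("::/0")
    if text.startswith("host "):
        return ipaddress.IPv6Network(text[5:] + "/128")
    return ipaddress.IPv6Network(text, strict=False)  # bits past the prefix are ignored

def prefix_match(addr, net):
    """True if the first net.prefixlen bits of addr equal those of the ACE."""
    shift = 128 - net.prefixlen
    return int(addr) >> shift == int(net.network_address) >> shift

class Acl:
    STEP = 10  # assumption: appended ACEs are numbered in steps of 10

    def __init__(self, name):
        self.name, self.aces = name, {}  # seq -> (action, SA net, DA net)

    def add(self, action, sa, da, seq=None):
        if seq is None:  # no sequence number given: append to the end
            seq = max(self.aces, default=0) + self.STEP
        if seq in self.aces:
            raise ValueError("Duplicate sequence number")
        self.aces[seq] = (action, operand(sa), operand(da))
        return seq

    def delete(self, seq):  # models "no <seq>" in the ACL context
        del self.aces[seq]

    def evaluate(self, src, dst):
        """Return (seq, action) of the first matching ACE in sequence order,
        or None when no configured ACE matches."""
        s, d = ipaddress.IPv6Address(src), ipaddress.IPv6Address(dst)
        for seq in sorted(self.aces):
            action, sa, da = self.aces[seq]
            if prefix_match(s, sa) and prefix_match(d, da):
                return seq, action
        return None

# Constructed sample: List-2 with two existing ACEs, then the insert at line 15.
acl = Acl("List-2")
acl.add("permit", "host 2001:db8:0:a9::8d:100", "any")        # becomes line 10
acl.add("permit", "2001:db8:0:a9::/64", "any")                # becomes line 20
acl.add("deny", "host 2001:db8:0:a9::8d:77", "any", seq=15)   # inserted ahead of line 20
```

Because the deny sits at line 15, traffic from 2001:db8:0:a9::8d:77 is stopped before the /64 permit at line 20 is reached; deleting line 15 lets the same host fall through to that permit.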