HP 6200YL User Manual


IPv6 Access Control Lists (ACLs)

Configuring and Assigning an IPv6 ACL

For example, the ACL in figure 8-8 filters traffic for individual hosts in some
instances and all hosts in others:

ProCurve# show run
.
.
.
ipv6 access-list "Sample-List-1"
   10 permit ipv6 2001:db8:0:130::55/128 2001:db8:0:130::240/128
   20 permit tcp ::/0 ::/0 eq 23
   30 remark "ALLOWS HTTP FROM SINGLE HOST."
   30 permit tcp 2001:db8:0:140::14/128 eq 80 ::/0 eq 3871
   40 remark "DENIES HTTP FROM ANY TO ANY."
   40 deny tcp ::/0 ::/0 eq 80 log
   50 deny udp 2001:db8:0:150::44/128 eq 69 2001:db8:0:120::19/128 range 3680 3690 log
   60 deny udp ::/0 2001:db8:0:150::121/128 log
   70 permit ipv6 2001:db8:0:01::/56 ::/0
   exit

Figure 8-8. Example of a Displayed ACL Configuration

Line  Action
----  ------
10    Permits all IPv6 traffic from the host at 2001:db8:0:130::55 to the host at 2001:db8:0:130::240.
20    Permits all Telnet traffic from any source to any destination.
30    Includes a remark and permits TCP port 80 traffic from the host at 2001:db8:0:140::14 received at any destination as port 3871 traffic.
40    Includes a remark and denies TCP port 80 traffic received at any destination, and causes a log message to be generated when a match occurs.
50    Denies UDP port 69 (TFTP) traffic sent from the host at 2001:db8:0:150::44 to the host at 2001:db8:0:120::19 with a destination port number in the range of 3680 - 3690, and causes a log message to be generated when a match occurs.
60    Denies UDP traffic from any source to the host at 2001:db8:0:150::121, and causes a log message to be generated when a match occurs.
70    Permits all IPv6 traffic with a source address (SA) prefix of 2001:db8:0:01::/56 that is not already permitted or denied by the preceding ACEs in the ACL.

Note: An implicit “Deny IPv6 any any” is automatically applied following the last line (70, in
this case), and denies all IPv6 traffic not already permitted or denied by the ACEs in lines 10
through 70.
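
The first-match behavior described in the table and the note can be checked against sample packets. The Python sketch below is an added example, not part of the HP manual or the switch software: it parses the ACEs from figure 8-8 and returns the first matching ACE, falling through to the implicit deny. The helper names (parse, evaluate, RULES) are hypothetical, and it assumes address bits beyond the prefix length are ignored, which matters for ACE 70.

```python
import ipaddress

# ACEs from figure 8-8 (remarks dropped, ACE 50 joined onto one line).
ACES = """\
10 permit ipv6 2001:db8:0:130::55/128 2001:db8:0:130::240/128
20 permit tcp ::/0 ::/0 eq 23
30 permit tcp 2001:db8:0:140::14/128 eq 80 ::/0 eq 3871
40 deny tcp ::/0 ::/0 eq 80 log
50 deny udp 2001:db8:0:150::44/128 eq 69 2001:db8:0:120::19/128 range 3680 3690 log
60 deny udp ::/0 2001:db8:0:150::121/128 log
70 permit ipv6 2001:db8:0:01::/56 ::/0
"""

def _endpoint(tok):
    """Consume '<prefix> [eq N | range A B]' from tok; return (network, ports)."""
    # Assumption: address bits past the prefix length are ignored (ACE 70).
    net = ipaddress.ip_network(tok.pop(0), strict=False)
    ports = None
    if tok[:1] == ["eq"]:
        ports = (int(tok[1]), int(tok[1]))
        del tok[:2]
    elif tok[:1] == ["range"]:
        ports = (int(tok[1]), int(tok[2]))
        del tok[:3]
    return net, ports

def parse(text):
    """Parse ACE lines into (seq, action, proto, src, dst, log) tuples."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        rest = tok[3:]
        src, dst = _endpoint(rest), _endpoint(rest)
        rules.append((int(tok[0]), tok[1], tok[2], src, dst, rest == ["log"]))
    return rules

def _hit(endpoint, addr, port):
    net, ports = endpoint
    port_ok = ports is None or (port is not None and ports[0] <= port <= ports[1])
    return ipaddress.ip_address(addr) in net and port_ok

def evaluate(rules, proto, src, sport, dst, dport):
    """First matching ACE wins; return (action, ACE number or None, log)."""
    for seq, action, ace_proto, s, d, log in rules:
        if ace_proto in ("ipv6", proto) and _hit(s, src, sport) and _hit(d, dst, dport):
            return action, seq, log
    return "deny", None, False  # implicit "deny ipv6 any any" after ACE 70

RULES = parse(ACES)
```

With these rules, HTTP from 2001:db8:0:130::55 to 2001:db8:0:130::240 is permitted by ACE 10 before the HTTP deny in ACE 40 is reached, which is why a broad permit placed early in the list should be reviewed against every deny that follows it.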
