HP 6200YL User Manual

IPv6 Access Control Lists (ACLs)
Editing an Existing ACL

ProCurve(Config)# ipv6 access-list My-list

ProCurve(config-ipv6-acl)# 45 permit icmp host 2001:db8:0:5ad::33 ::/0

ProCurve(config-ipv6-acl)# show run

. . .

ipv6 access-list "My-list"

10 permit ipv6 2001:db8:0:5ad::25/128 ::/0

20 permit ipv6 2001:db8:0:5ad::111/128 ::/0

30 permit icmp 2001:db8:0:5ad::115/128 ::/0

40 permit icmp 2001:db8:0:5ad::/64 ::/0

45 permit icmp 2001:db8:0:5ad::33 ::/0

50 permit icmp 2001:db8:0:5ad::19/128 ::/0

60 permit ipv6 ::/0 2001:db8:0:5ad::1/128

70 deny ipv6 2001:db8:0:5ad::/64 ::/0

80 permit ipv6 ::/0 ::/0

Inserts a new ACE
assigned to line 35.

exit

Enters the “Named-ACL context for “My-list”.

Figure 8-19. Example of Inserting an ACE in an Existing ACL

From within the context of an IPv6 ACL named “List-01”, insert a new ACE
between two existing ACEs. In this example, the first command creates a new
ACL and enters the ACL context. The next two ACEs entered become lines 10
and 20 in the list. The third ACE entered is inserted between lines 10 and 20
by using the sequence command with a sequence number of 11.

Becomes Line 10

ProCurve(config)# Port_1_5400(config)# ipv6 access-list List-01

Becomes Line 20

ProCurve(config-ipv6-acl)# permit ipv6 host fe80::100 host fe80::200

ProCurve(config-ipv6-acl)# permit ipv6 host fe80::103 any

ProCurve(config-ipv6-acl)# 11 permit ipv6 host fe80::110 host fe80::

ProCurve(config-ipv6-acl)# show run

Running configuration:

. . .

ipv6 access-list "List-01"

10 permit ipv6 fe80::100/128 fe80::200/128

11 permit ipv6 fe80::110/128 fe80::210/128

20 permit ipv6 fe80::103/128 ::/0

exit

Lines 10 and 20 were
automatically numbered
accord-ing to their order of
entry in the list.

Line 11 was explicitly
numbered by the 11 permit
command and was inserted
in its proper place in the list.

Figure 8-20. Example of Inserting an ACE into an Existing Sequence

8-66