HP 6200YL User Manual

IPv6 Access Control Lists (ACLs)
Contents

How an ACE Uses a Prefix To Screen Packets for
SA and DA Matches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-32

Prefix Usage Differences Between ACLs and

A Configured ACL Has No Effect Until You Apply It

You Can Assign an ACL Name to an Interface

Other IPv6 Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-33

Configuring and Assigning an IPv6 ACL

. . . . . . . . . . . . . . . . . . . . . . . 8-34

General Steps for Implementing IPv6 ACLs . . . . . . . . . . . . . . . . . . . . 8-34

Permit/Deny Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-34

ACL Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-35

ACL Configuration Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-36

ACL Configuration Factors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-38

The Sequence of Entries in an ACL Is Significant . . . . . . . . . . . . 8-38

Allowing for the Implied Deny Function . . . . . . . . . . . . . . . . . . . . 8-39

to an Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-40

Even if the ACL Has Not Been Configured . . . . . . . . . . . . . . . . . . 8-40

Using the CLI To Create an ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-40

General ACE Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-41

Using CIDR Notation To Enter the IPv6 ACL Prefix Length . . . 8-41

Configuration Commands

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-43

Command Summary for Configuring ACLs . . . . . . . . . . . . . . . . . . . . . 8-43

Command Summary for Enabling, Disabling, and Displaying ACLs 8-44

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-44

Commands To Create, Enter, and Configure an ACL . . . . . . . . . . . . . 8-45

Adding or Removing an ACL Assignment On an Interface

. . . . . . . 8-59

Filtering Switched IPv6 Traffic Inbound on a VLAN . . . . . . . . . . . . . 8-59

Filtering Inbound IPv6 Traffic Per Port and Trunk . . . . . . . . . . . . . . 8-60

Deleting an ACL

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-62

Editing an Existing ACL

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-63

General Editing Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-63

Sequence Numbering in ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-64

Inserting an ACE in an Existing ACL . . . . . . . . . . . . . . . . . . . . . . . 8-65

Deleting an ACE from an Existing ACL . . . . . . . . . . . . . . . . . . . . 8-67

Resequencing the ACEs in an IPv6 ACL . . . . . . . . . . . . . . . . . . . . 8-68

Attaching a Remark to an ACE . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-69

8-2