HP 6200YL User Manual

IPv6 Access Control Lists (ACLs)

Introduction

IPv6 traffic filtering with ACLs can help to improve network performance and
restrict network use by creating policies for:

■

Switch Management Access:

Permits or denies in-band manage­

ment access. This includes limiting and/or preventing the use of
designated protocols that run on top of IPv6, such as TCP, UDP, ICMP,
and others. Also included are the use of DSCP criteria, and control
for application transactions based on source and destination IPv6
addresses and transport layer port numbers.

■

Application Access Security:

Eliminates unwanted IPv6 traffic in

a path by filtering IPv6 packets where they enter or leave the switch
on specific VLAN interfaces.

The ACLs described in this chapter can filter IPv6 traffic to or from a host, a
group of contiguous hosts, or entire subnets.

C a u t i o n

The ACLs described in this chapter can enhance network security by blocking
selected IPv6 traffic, and can serve as part of your network security program.
However, because ACLs do not provide user or device authentication, or
protection from malicious manipulation of data carried in IPv6 packet
transmissions, they should not be relied upon for a complete security
solution

.

Static IPv6 ACLs on the switches covered by this manual do not screen non­
IPv6 traffic such as IPv4, AppleTalk, and IPX packets.

8-5