HP 6200YL User Manual


IPv6 Access Control Lists (ACLs)
Terminology

on a VLAN interface, but outbound, switched traffic is not filtered by
ACLs. In software release K.14.01, RACLs are supported for IPv4 traffic,
but not for IPv6 traffic. (Refer also to “IPv6 ACL Applications” on page
8-13.)

Permit: An ACE configured with this action allows the switch to forward an IPv6 packet for which there is a match.

Permit Any Forwarding: An ACE configured with this action causes the switch to forward IPv6 packets that have not been permitted or denied by earlier ACEs in the list.

Prefix Length: In an IPv6 ACE, a network prefix is used to specify the leftmost contiguous bits in a packet’s SA and DA that must match the bit settings defined in the SA and DA configured in the ACE. The prefix length is specified (in CIDR format) by /nn immediately following the specified SA or DA address. For example, if the SA prefix in an ACE is 2001:db8:127::/48, then the first 48 bits in the SA of a packet being compared to that ACE must be the same to allow a match. In this case, bits 49 through 128 are not compared and are termed a “wildcard”. See also “Wildcard” on page 8-13.

RADIUS-Assigned ACL: An ACL assigned by a RADIUS server to a port to filter inbound IP traffic from a client authenticated by the server for that port. A RADIUS-assigned ACL can be configured (on a RADIUS server) to filter inbound IPv4 and IPv6 traffic, or just IPv4 traffic. When the client session ends, the RADIUS-assigned ACL for that client is removed from the port. See also “Implicit Deny”.

remark-str: The term used in ACL syntax statements to represent the variable “remark string”, a set of alphanumeric characters you can include as a remark in an ACL. A remark string allows up to 100 characters and must be delimited by single or double quotes if any spaces are included in the string.

SA: The acronym for Source Address. In an IPv6 packet, this is the source IPv6 address carried in the header, and identifies the packet’s sender. This is the first of two IPv6 addresses used in an ACE to determine whether there is a match between a packet and the ACE. See also “DA”.

seq-#: The term used in ACL syntax statements to represent the sequence number variable used to insert an ACE within an existing list. The range allowed for sequence numbers is 1 - 2147483647.
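
The Prefix Length, Permit Any Forwarding and seq-# entries above can be modeled together. The following Python sketch is an added example, not code from the manual or from the switch software. The names Ace, prefix_match, evaluate, SAMPLE_ACL and PERMIT_ANY are hypothetical, the addresses are constructed, and the final implicit deny is an assumption based on the “Implicit Deny” cross-reference.

```python
import ipaddress
from dataclasses import dataclass

SEQ_MIN, SEQ_MAX = 1, 2147483647  # range given in the seq-# entry

def prefix_match(addr: str, prefix: str) -> bool:
    """True if the leftmost /nn bits of addr equal those of the ACE prefix."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    wildcard_bits = 128 - net.prefixlen  # bits after the prefix are not compared
    return (int(ipaddress.IPv6Address(addr)) >> wildcard_bits
            == int(net.network_address) >> wildcard_bits)

@dataclass(frozen=True)
class Ace:
    seq: int      # position in the list
    action: str   # "permit" or "deny"
    sa: str       # source prefix, SA/nn
    da: str       # destination prefix, DA/nn

    def __post_init__(self):
        if not SEQ_MIN <= self.seq <= SEQ_MAX:
            raise ValueError(f"sequence number {self.seq} out of range")
        if self.action not in ("permit", "deny"):
            raise ValueError(f"unknown action {self.action!r}")

def evaluate(aces, sa: str, da: str):
    """Return (action, seq) of the first ACE, in sequence order, matching SA and DA."""
    for ace in sorted(aces, key=lambda a: a.seq):
        if prefix_match(sa, ace.sa) and prefix_match(da, ace.da):
            return ace.action, ace.seq
    return "deny", None  # assumption: implicit deny when no ACE matches

# Constructed sample ACL, listed out of order to show that seq decides position.
SAMPLE_ACL = [
    Ace(20, "permit", "2001:db8:127::/48", "2001:db8:200::/48"),
    Ace(10, "deny", "2001:db8:127:5::/64", "::/0"),
]
PERMIT_ANY = Ace(SEQ_MAX, "permit", "::/0", "::/0")  # permit any forwarding

if __name__ == "__main__":
    for sa in ("2001:db8:127:5::1", "2001:db8:127:ffff::1", "2001:db8:128::1"):
        print(sa, evaluate(SAMPLE_ACL, sa, "2001:db8:200::9"))
        print(sa, evaluate(SAMPLE_ACL + [PERMIT_ANY], sa, "2001:db8:200::9"))
```

A source in 2001:db8:127:5::/64 is stopped by the narrower deny at sequence 10 before the /48 permit at sequence 20 is reached, which is why a more specific ACE needs the lower sequence number.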
