HP 6200YL User Manual

IPv6 Access Control Lists (ACLs)
Configuration Commands

[ icmp-type-name ]

These name options are an alternative to the [ icmp-type [ icmp-code ] ] methodology described above. For more information, visit the IANA website cited above.

    cert-path-advertise        mobile-advertise
    cert-path-solicit          mobile-solicit
    destination-unreachable    nd-na
    echo-reply                 nd-ns
    echo-request               node-info
    home-agent-reply           node-query
    home-agent-request         packet-too-big
    inv-nd-na                  parameter-problem
    inv-nd-ns                  redirect
    mcast-router-advertise     router-advertisement
    mcast-router-solicit       router-renum
    mcast-router-terminate     router-solicitation
    mld-done                   time-exceeded
    mld-query                  ver2-mld-report
    mld-report

Example of an IPv6 ACL Configuration. Suppose that you wanted to implement the following IPv6 traffic policy on a switch connecting two workgroups on the same VLAN to dedicated servers and to a campus intranet (figure 8-11 on page 8-57):

- Permit full IPv6 access for the management station.

- For traffic from the workgroup at 2001:db8::1:20:0/121:

    - Deny Telnet access to server “1” (2001:db8::1:10:3).

    - Deny the workgroup any IPv6 access to server “2” (2001:db8::1:10:4).

- For traffic from the workgroup at 2001:db8::1:30:0/121:

    - Deny Telnet access to server “2” (2001:db8::1:10:4).

    - Deny the workgroup any IPv6 access to server “1” (2001:db8::1:10:3).

- Deny inbound ICMP multicast-router-solicitations from all switches on the VLAN.

- Permit all other IPv6 traffic. (Supersedes the implicit deny ipv6 any any at the end of the ACL, which would deny any IPv6 traffic not filtered by the configured ACEs in the ACL.)
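The policy above can be checked before it is deployed by modelling it as an ordered ACE list. The following Python sketch is an added example, not taken from the manual or from switch software: it assumes sequential first-match evaluation, uses a constructed management-station address (2001:db8::1:10:99), and maps mcast-router-solicit to ICMPv6 type 152 (RFC 4286).

```python
import ipaddress

ANY = ipaddress.ip_network("::/0")
MGMT = ipaddress.ip_network("2001:db8::1:10:99/128")  # constructed placeholder address
WG_A = ipaddress.ip_network("2001:db8::1:20:0/121")   # covers ::1:20:0 through ::1:20:7f
WG_B = ipaddress.ip_network("2001:db8::1:30:0/121")
SRV1 = ipaddress.ip_network("2001:db8::1:10:3/128")
SRV2 = ipaddress.ip_network("2001:db8::1:10:4/128")
TELNET = 23
MCAST_ROUTER_SOLICIT = 152  # ICMPv6 type for mcast-router-solicit (RFC 4286)

# (action, protocol, source, destination, match)
# protocol "ipv6" matches every protocol; match is the TCP destination
# port or the ICMPv6 type, and None means "do not check".
ACES = [
    ("permit", "ipv6", MGMT, ANY, None),
    ("deny", "tcp", WG_A, SRV1, TELNET),
    ("deny", "ipv6", WG_A, SRV2, None),
    ("deny", "tcp", WG_B, SRV2, TELNET),
    ("deny", "ipv6", WG_B, SRV1, None),
    ("deny", "icmp", ANY, ANY, MCAST_ROUTER_SOLICIT),
    ("permit", "ipv6", ANY, ANY, None),  # supersedes the implicit deny
]


def evaluate(src, dst, proto, match=None, aces=ACES):
    """Return (action, index) of the first matching ACE.

    An index of None means no ACE matched and the implicit
    "deny ipv6 any any" at the end of the ACL applied.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (action, ace_proto, ace_src, ace_dst, ace_match) in enumerate(aces):
        if ace_proto not in ("ipv6", proto):
            continue
        if s not in ace_src or d not in ace_dst:
            continue
        if ace_match is not None and ace_match != match:
            continue
        return action, i
    return "deny", None


if __name__ == "__main__":
    # Telnet from the first workgroup to server "1" hits the second ACE.
    print(evaluate("2001:db8::1:20:5", "2001:db8::1:10:3", "tcp", TELNET))
    # 2001:db8::1:20:80 lies just outside the /121, so only the final permit matches.
    print(evaluate("2001:db8::1:20:80", "2001:db8::1:10:4", "tcp", TELNET))
```

Passing `aces=ACES[:-1]` shows the effect of omitting the final permit: traffic that matches no configured ACE falls through to the implicit deny.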
