HP 6200YL User Manual

IPv6 Access Control Lists (ACLs)

Editing an Existing ACL

Appending Remarks and Related ACEs to the End of an ACL.

To

include a remark for an ACE that will be appended to the end of the current
ACL, enter the remark first, then enter the related ACE. This results in the
remark and the subsequent ACE having the same sequence number. For
example, to append an ACE with an associated remark to the end of an ACL
named “List-100”, you would enter remarks from the CLI context for the
desired ACL:

ProCurve(config)# ipv6 access-list List-100

ProCurve(config-ipv6-acl)# permit tcp host 2001:db8:0:b::100:17 eq telnet any

ProCurve(config-ipv6-acl)# permit tcp host 2001:db8:0:b::100:23 eq telnet any

ProCurve(config-ipv6-acl)# remark “BLOCKS UNAUTH TELNET TRAFFIC FROM SUBNET B”

ProCurve(config-ipv6-acll)# deny tcp 2001:db8:0:a::/64 eq telnet any

ProCurve(config-ipv6-acl)# show access-list List-100 config

ipv6 access-list "List-100"

10 remark "TEXT"

10 permit tcp 2001:db8:0:b::100:17/128 eq 23 ::/0

20 permit tcp 2001:db8:0:b::100:23/128 eq 23 ::/0

30 remark "BLOCKS UNAUTH TELNET TRAFFIC FROM SUBNET B"

30 deny tcp 2001:db8:0:b::/64 eq 23 ::/0

exit

ProCurve(config-ipv6-acl)#

The remark is assigned the same number as the immediately
following ACE (“30” in this example) is assigned when it is
automatically appended to the end of the list. This operation applies
where new remarks and ACEs are appended to the end of the ACL
and are automatically assigned a sequence number.

Figure 8-23. Example of Appending a Remark and Its Related ACE to the End of an ACL

Inserting Remarks and Related ACEs Within an Existing List.

To

insert an ACE with a remark within an ACL by specifying a sequence number,
insert the numbered remark first, then, using the same sequence number,
insert the ACE. For example:

8-71