HP 6200YL User Manual

IPv6 Access Control Lists (ACLs)
Editing an Existing ACL

ProCurve(config-ipv6-acl)# 15 remark "PERMIT HTTP; STATION 23; SUBNET 1D"

ProCurve(config-ipv6-acl)# 15 permit tcp host 2001:db8:0:1d::23 eq 80

2001:db8:0:2f::/64

ProCurve(config-ipv6-acl)# show access config

. . .

ipv6 access-list "List-105"

10 permit tcp 2001:db8:0:1f::/64 eq 80 2001:db8:0:2f::/64

15 remark "PERMIT HTTP; STATION 23; SUBNET 1D"

15 permit tcp 2001:db8:0:1d::23/128 eq 80 2001:db8:0:2f::/64

The above two commands insert a remark with its
corresponding ACE (same sequence number)
between two previously configured ACEs.

20 deny tcp 2001:db8:0:1d::/64 eq 80 2001:db8:0:2f::/64

exit

. . .

Figure 8-24. Example of Inserting a Remark and an ACE Within an Existing ACL

Inserting a Remark for an ACE that Already Exists in an ACL.

If an

ACE already exists in a given ACL, you can insert a remark for that ACE by
simply configuring the remark to have the same sequence number as the ACE.

Replacing an Existing Remark.

To replace an existing remark in a given

ACL:

1. Use

ipv6 access-list < identifier > to enter the desired ACL context.

2. Configure the replacement remark with the same sequence number as the

remark you want to replace. This step overwrites the former remark text
with the new remark text.

For example, to change the text of the remark at line 15 in figure 8-24 to
“PERMIT HTTP FROM ONE STATION”, you would use the following com­
mand:

ProCurve(config): ipv6 access-list List-105

ProCurve(config-ipv6-acl): 15 remark “PERMIT HTTP FROM ONE STATION”

Removing a Remark from an Existing ACE.

If you want to remove a

remark, but want to retain the ACE, do the following:

1. Use

ipv6 access-list < identifier > to enter the desired ACL context.

2. Use

no <1-2147483647> remark.

8-72