HP 6200YL User Manual
Page 263
IPv6 Access Control Lists (ACLs)
Creating or Editing ACLs Offline
In this example, the CLI would show output similar to the following to
indicate that the ACL was successfully downloaded to the switch:
Note: If a transport error occurs, the switch does not execute the command and the
ACL is not configured.
ProCurve(config)# copy tftp command-file fe80::1ad:17 acl-001.txt pc
Running configuration may change, do you want to continue [y/n]? y
1. ipv6 access-list "acl-001"
6. ; CREATED ON JUNE 10
10. 10 remark "Telnet Denied Here"
13. 10 deny tcp 2001:db8:0:1af::/64 ::/0 eq 23
16. 30 deny tcp ::/0 ::/0 log
19. 40 deny icmp 2001:db8:0:1af::/64 ::/0 134
22. 50 deny icmp 2001:db8:0:1af::/64 ::/0 133
27. ; PERMITS IPV6 ANY ANY
31. 60 permit ipv6 ::/0 ::/0
34. exit
36. vlan 20 ipv6 access-group acl-001 vlan
Note: Blank lines may appear in the command output when you copy the command file to the switch. However, they are eliminated in
the copy of the ACL in switch memory. This is normal operation. (See also figure 8-36 for the configuration resulting from this output.)
Figure 8-35. Example of Using “copy tftp command-file” To Configure an ACL in the Switch
3. In this example, the command to assign the ACL to a VLAN was included
in the .txt command file. If this is not done in your applications, then the
next step is to manually assign the new ACL to the intended VLAN.
vlan < vid > ipv6 access-group < identifier > vlan
4. You can then use the show run or show access-list config command to
inspect the switch configuration to ensure that the ACL was properly
downloaded.
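One way to carry out the check in step 4 from a management workstation, as an added example that is not part of the HP manual: the script parses the offline command file and a listing pasted from the switch, then reports ACEs that are missing, unexpected or out of order. The sample texts are constructed; the layout of the switch listing (indented ACEs between the ipv6 access-list line and exit) and the names parse_aces and compare are assumptions.

```python
import re
# Constructed sample of the offline command file (blank and ';' lines included).
OFFLINE_FILE = '''ipv6 access-list "acl-001"

; CREATED ON JUNE 10
10 remark "Telnet Denied Here"
10 deny tcp 2001:db8:0:1af::/64 ::/0 eq 23
30 deny tcp ::/0 ::/0 log
40 deny icmp 2001:db8:0:1af::/64 ::/0 134
50 deny icmp 2001:db8:0:1af::/64 ::/0 133
; PERMITS IPV6 ANY ANY
60 permit ipv6 ::/0 ::/0
exit
vlan 20 ipv6 access-group acl-001 vlan
'''
# Constructed switch listing (layout assumed); ACE 40 is omitted to show a mismatch.
SWITCH_LISTING = '''ipv6 access-list "acl-001"
   10 remark "Telnet Denied Here"
   10 deny tcp 2001:db8:0:1af::/64 ::/0 eq 23
   30 deny tcp ::/0 ::/0 log
   50 deny icmp 2001:db8:0:1af::/64 ::/0 133
   60 permit ipv6 ::/0 ::/0
   exit
'''
ACL_START = re.compile(r'^ipv6 access-list "?([^"\s]+)"?$')
ACE = re.compile(r'^(\d+) (permit|deny) (.+)$')

def parse_aces(text):
    """Return {acl_name: [(seq, action, match_text), ...]} in listed order."""
    acls, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r'^\s*\d+\.\s+', '', raw)   # drop a "13. " echo prefix if present
        line = ' '.join(line.split())             # normalise indentation and spacing
        if not line or line.startswith(';'):      # blank lines and comments are not ACEs
            continue
        start, ace = ACL_START.match(line), ACE.match(line)
        if start:
            current = acls.setdefault(start.group(1), [])
        elif line == 'exit':
            current = None
        elif current is not None and ace:         # remark lines are skipped here
            current.append((int(ace.group(1)), ace.group(2), ace.group(3)))
    return acls

def compare(offline, listing, name):
    """Report ACEs missing from, or unexpected in, the switch listing."""
    want, have = parse_aces(offline).get(name, []), parse_aces(listing).get(name, [])
    return {'missing': [e for e in want if e not in have],
            'unexpected': [e for e in have if e not in want],
            'order_ok': [e for e in have if e in want] == [e for e in want if e in have]}
```

Calling compare(OFFLINE_FILE, SWITCH_LISTING, "acl-001") on these samples reports ACE 40 as missing, which is the kind of partial result to look for after a download.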