HP 6200YL User Manual

Page 263


IPv6 Access Control Lists (ACLs)

Creating or Editing ACLs Offline

In this example, the CLI would show output similar to the following to
indicate that the ACL was successfully downloaded to the switch:

Note

If a transport error occurs, the switch does not execute the command and the
ACL is not configured.

    ProCurve(config)# copy tftp command-file fe80::1ad:17 acl-001.txt pc
    Running configuration may change, do you want to continue [y/n]? y
    1. ipv6 access-list "acl-001"
    6. ; CREATED ON JUNE 10
    10. 10 remark "Telnet Denied Here"
    13. 10 deny tcp 2001:db8:0:1af::/64 ::/0 eq 23
    16. 30 deny tcp ::/0 ::/0 log
    19. 40 deny icmp 2001:db8:0:1af::/64 ::/0 134
    22. 50 deny icmp 2001:db8:0:1af::/64 ::/0 133
    27. ; PERMITS IPV6 ANY ANY
    31. 60 permit ipv6 ::/0 ::/0
    34. exit
    36. vlan 20 ipv6 access-group acl-001 vlan

Note: Blank lines may appear in the command output when you copy the command file to the switch. However, they are eliminated in
the copy of the ACL in switch memory. This is normal operation. (See also figure 8-36 for the configuration resulting from this output.)

Figure 8-35. Example of Using “copy tftp command-file” To Configure an ACL in the Switch

3. In this example, the command to assign the ACL to a VLAN was included in the .txt command file. If this is not done in your applications, then the next step is to manually assign the new ACL to the intended VLAN.

vlan < vid > ipv6 access-group < identifier > vlan

4. You can then use the show run or show access-list config command to inspect the switch configuration to ensure that the ACL was properly downloaded.
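A pre-flight check for the command file, run on the workstation before the copy tftp step (added example, not from the HP manual). It parses only the ACE form shown in figure 8-35; the function name lint and its messages are assumptions made for this example. It reports malformed prefixes, duplicate sequence numbers, ACEs hidden behind an earlier broader ACE, and a missing access-group line (the case step 3 covers).

```python
import ipaddress
import re
# Constructed sample: the command-file lines shown in figure 8-35.
SAMPLE = """ipv6 access-list "acl-001"
; CREATED ON JUNE 10
10 remark "Telnet Denied Here"
10 deny tcp 2001:db8:0:1af::/64 ::/0 eq 23
30 deny tcp ::/0 ::/0 log
40 deny icmp 2001:db8:0:1af::/64 ::/0 134
50 deny icmp 2001:db8:0:1af::/64 ::/0 133
; PERMITS IPV6 ANY ANY
60 permit ipv6 ::/0 ::/0
exit
vlan 20 ipv6 access-group acl-001 vlan
"""
ACE = re.compile(r"(\d+)\s+(permit|deny)\s+(\S+)\s+(\S+)\s+(\S+)(.*)")

def lint(text):
    """Return (aces, findings). Assumption: only the figure's ACE form is parsed."""
    aces, findings, name, assigned = [], [], None, False
    for n, line in enumerate(map(str.strip, text.splitlines()), 1):
        if not line or line[0] == ";" or line == "exit" or re.match(r"\d+\s+remark\s", line):
            continue
        if line.startswith("ipv6 access-list "):
            name = line.split(None, 2)[2].strip('"')
        elif re.match(r"vlan \d+ ipv6 access-group ", line):
            assigned = assigned or line.split()[4] == name
        elif not (m := ACE.fullmatch(line)):
            findings.append(f"line {n}: not recognized: {line}")
        else:
            seq, action, proto, src, dst, rest = m.groups()
            try:
                src = ipaddress.IPv6Network(src, strict=False)
                dst = ipaddress.IPv6Network(dst, strict=False)
            except ValueError as err:
                findings.append(f"line {n}: bad prefix ({err})")
                continue
            if any(a[0] == seq for a in aces):
                findings.append(f"line {n}: duplicate sequence number {seq}")
            # First match wins, so an earlier unqualified ACE covering this one hides it.
            for pseq, _, pproto, psrc, pdst, pqual in aces:
                if pproto in (proto, "ipv6") and not pqual and src.subnet_of(psrc) and dst.subnet_of(pdst):
                    findings.append(f"line {n}: ACE {seq} shadowed by ACE {pseq}")
                    break
            qual = [t for t in rest.split() if t != "log"]  # port or ICMP type
            aces.append((seq, action, proto, src, dst, qual))
    if not assigned:
        findings.append(f"no access-group line for {name}: assign it manually")
    return aces, findings
```

An empty findings list for the figure's file means the ACL parses cleanly and carries its own VLAN assignment; a finding about the access-group line means step 3 still has to be done by hand.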
