HP 6200YL User Manual
Page 275
IPv6 Access Control Lists (ACLs)
Testing and Troubleshooting ACLs
has multiple assignments as an RACL, then a match with an ACE in any RACL
instance of the ACL increments that same counter on all RACL-assigned
instances of that ACL. (The ACE counters for VACL and PACL instances of an
ACL are not affected by counter activity in RACL instances of the same ACL.)
For example, suppose that an IPv4 ACL named “Test-1” is configured as shown
in figure 8-47 to block Telnet access to a server at 10.10.20.12 on VLAN 20, and
that the Test-1 ACL is assigned to VLANs as follows:
■
VLAN 20: VACL
■
VLAN 50: RACL
■
VLAN 70: RACL
ProCurve(config)# show access-list Test1 config
ip access-list extended “Test1”
10 deny tcp 0.0.0.0 255.255.255.255 10.10.20.12 0.0.0.0 eq 23 log
20 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
ProCurve(config)# vlan 20 ip access-group Test-1 vlan
ProCurve(config)# vlan 50 ip access-group Test-1 in
ProCurve(config)# vlan 70 ip access-group Test-1 in
Assigns the ACL as a VACL to VLAN 20.
Assigns the ACL as
an RACL to VLANs
50 and 70.
Figure 8-47. ACL “Test-1” and Interface Assignment Commands
VLAN 20
10.10.20.1
VLAN 50
10.10.55.1
5400zl Switch
10.10.2
0.0
10.10.3
0.0
10.10.20.12
ACL “Test-1” assigned as an RACL
to both VLAN 50 and VLAN 70.
VLAN 70
10.10.70.1
10.10.7
0.0
ACL “Test-1” assigned as a VACL
to VLAN 20.
Figure 8-48. Example of Using the Same IPv4 ACL for VACL and RACL Applications
8-99