HP 6200YL User Manual
Page 277
IPv6 Access Control Lists (ACLs)
Testing and Troubleshooting ACLs
ProCurve(config)# show statistics aclv4 Test-1 vlan 20 vlan

 Hit Counts for ACL Test-1

  Total
(     5)   10 deny tcp 0.0.0.0 255.255.255.255 10.10.20.2 0.0.0.0 eq 23 log
(     2)   20 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

(5): Indicates denied attempts to Telnet to 10.10.20.12 filtered by the instance of the “Test-1” VACL
assignment on VLAN 20.
(2): Indicates permitted attempts to reach any accessible destination via the instance of the “Test-
1” VACL assignment on VLAN 20. In this example, shows the successful pings permitted by ACE

ProCurve# show statistics aclv4 Test-1 vlan 50 in

 Hit Counts for ACL Test-1

  Total
(     0)   10 deny tcp 0.0.0.0 255.255.255.255 10.10.20.2 0.0.0.0 eq 23 log
(     0)   20 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

(0): Shows that the hits on the instance of the “Test-1” VACL assignment on VLAN 20
have no effect on the counters for the RACL assignment of “Test-1” on VLAN 50.
Figure 8-50. Resulting ACE Hits on IPv4 ACL “Test-1”
However, using a device at 10.10.30.11 on VLAN 50 for attempts to ping and
Telnet to 10.10.20.12 requires routing, which filters the attempts through the
RACL instance of the “Test-1” ACL on VLAN 50.
ProCurve# ping 10.10.20.2
10.10.20.2 is alive, time = 25 ms
ProCurve# telnet 10.10.20.2
Telnet failed: Connection timed out.
ProCurve#
Figure 8-51. Ping and Telnet from 10.10.30.11 to 10.10.20.2 Filtered by the
Assignment of “Test-1” as an IPv4 RACL on VLAN 30
This action has an identical effect on the counters in all RACL instances of the
“Test-1” ACL configured and assigned to interfaces on the same switch. In this
example, it means that the RACL assignments of “Test-1” on VLANs 50 and 70
will be incremented by the above action occurring on VLAN 50.
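The following Python example is added here and is not part of the HP manual. It parses the hit-count listing shown in Figure 8-50 so that the counters of separate ACL instances can be compared and deny ACEs with hits can be flagged. The function names, the single-line layout of count and ACE, and the later VLAN 50 snapshot are assumptions made for the example.

```python
import re

# "(  5)  10 deny tcp ... eq 23 log" -> hit count, ACE sequence number, action, criteria.
# Assumption: count and ACE share one line; the exact column widths are not known.
ACE_LINE = re.compile(r"^\(\s*(\d+)\s*\)\s+(\d+)\s+(permit|deny)\s+(.+)$")

def parse_hit_counts(output):
    """Map ACE sequence number -> (hits, action, criteria) for one ACL instance."""
    counters = {}
    for line in output.splitlines():
        m = ACE_LINE.match(line.strip())
        if m:
            hits, seq, action, criteria = m.groups()
            counters[int(seq)] = (int(hits), action, criteria.strip())
    return counters

def deny_hits(counters):
    """Sequence numbers of deny ACEs that have matched at least one packet."""
    return sorted(s for s, (hits, action, _) in counters.items()
                  if action == "deny" and hits > 0)

def increments(before, after):
    """Per-ACE counter increase between two snapshots of the same instance."""
    return {s: after[s][0] - before[s][0]
            for s in after if s in before and after[s][0] > before[s][0]}

ACES = ("10 deny tcp 0.0.0.0 255.255.255.255 10.10.20.2 0.0.0.0 eq 23 log",
        "20 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255")

def listing(count_10, count_20):
    """Rebuild a listing in the Figure 8-50 layout (whitespace reconstructed)."""
    return (" Hit Counts for ACL Test-1\n  Total\n"
            f"({count_10:>6})   {ACES[0]}\n({count_20:>6})   {ACES[1]}\n")

VACL_VLAN20 = listing(5, 2)        # counter values from Figure 8-50
RACL_VLAN50 = listing(0, 0)        # counter values from Figure 8-50
RACL_VLAN50_LATER = listing(3, 4)  # constructed later snapshot, not from the manual

if __name__ == "__main__":
    vacl, racl = parse_hit_counts(VACL_VLAN20), parse_hit_counts(RACL_VLAN50)
    print("VACL VLAN 20 deny ACEs hit:", deny_hits(vacl))
    print("RACL VLAN 50 deny ACEs hit:", deny_hits(racl))
    print("RACL VLAN 50 increase:", increments(racl, parse_hit_counts(RACL_VLAN50_LATER)))
```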