Terminology – HP 6200YL User Manual

IPv6 Access Control Lists (ACLs)
Terminology
Access Control Entry (ACE): A policy consisting of criteria and an action (permit or deny) to execute on a packet if it meets the criteria. For IPv6 ACEs, the elements composing the criteria include:
• source IPv6 address and prefix length
• destination IPv6 address and prefix length
• either of the following:
  – all IPv6 traffic
  – IPv6 traffic of a specific IPv6 protocol (For TCP, UDP, and ICMP, the criteria can include either a specific sub-type within the protocol or all traffic of the protocol type.)
• option to log packet matches with deny ACEs
• optional use of DSCP (precedence and ToS settings)
Access Control List (ACL): A list (or set) consisting of one or more explicitly configured Access Control Entries (ACEs) and terminating with an implicit deny ipv6 any any ACE. Each ACE in an IPv6 ACL includes layer 3 IPv6 source and destination criteria and IPv6 protocol-specific criteria. IPv6 ACLs can be applied in any of the following ways:
• VACL: an ACL assigned to filter inbound IPv6 traffic on a specific VLAN configured on the switch
• Static Port ACL: an ACL assigned to filter inbound IPv6 traffic on a specific switch port
• RADIUS-Assigned ACL: dynamic ACL assigned to a port by a RADIUS server to filter inbound IPv4 and IPv6 traffic from an authenticated client on that port (Refer to the chapter titled “Configuring RADIUS Server Support for Switch Services” in the latest Access Security Guide for your switch.)
Static ACLs are configured in switch memory with an alphanumeric name, and can be assigned to a VLAN as a VACL, and to a port list (or static trunk). (RADIUS-assigned ACLs are configured on a RADIUS server, and are identified by the associated client credentials instead of an alphanumeric name.)
ACE: See “Access Control Entry”.
ACL: See “Access Control List”.
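The ACE and ACL definitions above, modelled as an added Python example (not code from the HP manual or from the switch): each ACE carries the listed criteria, and a packet that matches no explicitly configured ACE falls through to the implicit deny ipv6 any any. Top-down first-match ordering, the unlogged implicit deny, the field names, and the sample addresses are assumptions of this example; DSCP matching is left out.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class ACE:
    action: str                      # "permit" or "deny"
    src: str                         # source IPv6 address and prefix length
    dst: str                         # destination IPv6 address and prefix length
    protocol: str = "ipv6"           # "ipv6" = all IPv6 traffic, else tcp/udp/icmp
    dst_port: Optional[int] = None   # optional sub-type within TCP or UDP
    log: bool = False                # log option, honored on deny ACEs only

    def matches(self, pkt: dict) -> bool:
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst):
            return False
        if self.protocol != "ipv6" and self.protocol != pkt["protocol"]:
            return False
        return self.dst_port is None or self.dst_port == pkt.get("dst_port")

# The ACE that implicitly terminates every ACL: deny ipv6 any any
IMPLICIT_DENY = ACE("deny", "::/0", "::/0")

def evaluate(acl: List[ACE], pkt: dict) -> Tuple[str, Optional[int], bool]:
    """Return (action, index of the matching explicit ACE or None, logged)."""
    for i, ace in enumerate(acl):          # assumption: top-down, first match wins
        if ace.matches(pkt):
            return ace.action, i, ace.action == "deny" and ace.log
    return IMPLICIT_DENY.action, None, False   # assumption: implicit deny is unlogged

# Constructed sample ACL and packets (2001:db8::/32 is the documentation prefix)
SAMPLE_ACL = [
    ACE("permit", "2001:db8:10::/64", "2001:db8:20::5/128", "tcp", 443),
    ACE("deny", "2001:db8:10::/64", "2001:db8:20::/64", log=True),
    ACE("permit", "2001:db8:10::/64", "::/0", "icmp"),
]
HTTPS = {"src": "2001:db8:10::7", "dst": "2001:db8:20::5", "protocol": "tcp", "dst_port": 443}
SSH = {"src": "2001:db8:10::7", "dst": "2001:db8:20::5", "protocol": "tcp", "dst_port": 22}
PING_OUT = {"src": "2001:db8:10::7", "dst": "2001:db8:99::1", "protocol": "icmp"}
STRAY = {"src": "2001:db8:30::1", "dst": "2001:db8:20::5", "protocol": "udp", "dst_port": 53}

if __name__ == "__main__":
    for name, pkt in [("https", HTTPS), ("ssh", SSH), ("ping", PING_OUT), ("stray", STRAY)]:
        print(name, evaluate(SAMPLE_ACL, pkt))
```

The STRAY packet shows why the implicit deny matters when auditing an ACL: traffic from a source that no explicit ACE mentions is dropped without a log entry unless an explicit deny ACE with the log option is placed last.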