Overview, Types of ipv6 acls, Concurrent ipv4 and ipv6 acls – HP 6200YL User Manual

IPv6 Access Control Lists (ACLs)

Overview

Static Port ACL:

An ACL statically configured on a specific port, group of

ports, or trunk. A static port ACL filters incoming IPv6 traffic on the port.

VACL:

See “VLAN ACL”.

VLAN ACL (VACL):

An ACL applied to all IPv6 traffic entering the switch

on a given VLAN interface. See also “Access Control List”.

Wildcard:

The bits in an SA or DA of a packet that are ignored when

determining whether the packet is a match for a given ACE. That is, when
the switch is comparing the address bits in a packet header with the
address bits specified in a given IPv6 ACE, only the address bits included
in the prefix length in the ACE are significant. The remaining bits—those
to the right of the bits specified by the prefix length—comprise a wildcard
and can be either on or off. See also Prefix Length on page 8-12.

Overview

Types of IPv6 ACLs

A permit or deny policy for IPv6 traffic you want to filter is based on source
and destination IPv6 address, plus other IPv6 protocol factors such as TCP/
UDP, ICMP, and DSCP.

Concurrent IPv4 and IPv6 ACLs

The switches covered by this guide support concurrent configuration and
operation of IPv4 and IPv6 ACLs. For information on IPv4 ACLs, refer to the
Access Security Guide

for your switch.

IPv6 ACL Applications

ACL filtering is applied to IPv6 traffic as follows:

■

VLAN ACL (VACL): On a VLAN configured with a VACL, filters
inbound IPv6 traffic. On a multinetted VLAN, this includes inbound
IPv6 traffic from any subnet.

■

Static port ACL: Filters inbound IPv6 traffic on the port.

8-13