Planning an ACL Application – HP 6200YL User Manual

IPv6 Access Control Lists (ACLs)
Planning an ACL Application
insert an explicit permit ipv6 any any as the last ACE in the ACL. Doing so
permits any packet not explicitly denied by earlier entries. (Note that this
solution would not apply in the preceding example, where the intention is for
the switch to forward only the explicitly permitted packets entering the switch
on VLAN 100.)
Planning an ACL Application
Before creating and implementing ACLs, define the policies you want your
ACLs to enforce, and understand how the ACL assignments will impact your
network users.
Note
IPv6 traffic entering the switch on a given interface is filtered by the ACLs
configured for inbound traffic on that interface. For this reason, an inbound
packet will be denied (dropped) if it has a match with an implicit (or explicit)
deny ipv6 any any in any of the inbound ACLs applied to the interface.
(Refer to “Multiple ACL Assignments on an Interface” on page 8-18.)
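
The following is an added example, not taken from the HP manual: a simplified Python model of the filtering behavior described above, showing an explicit permit ipv6 any any as the last ACE, the implicit deny ipv6 any any, and a packet being dropped when any one of several inbound ACLs denies it. The ACL names, addresses, packet fields, and the first-match evaluation order are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("::/0")

@dataclass(frozen=True)
class Ace:
    action: str                          # "permit" or "deny"
    proto: str                           # "ipv6" = any protocol, else "tcp"/"udp"/"icmp"
    src: ipaddress.IPv6Network = ANY
    dst: ipaddress.IPv6Network = ANY
    dport: Optional[int] = None          # None = any destination port

    def matches(self, pkt):
        return (self.proto in ("ipv6", pkt["proto"])
                and ipaddress.ip_address(pkt["src"]) in self.src
                and ipaddress.ip_address(pkt["dst"]) in self.dst
                and self.dport in (None, pkt.get("dport")))

IMPLICIT_DENY = Ace("deny", "ipv6")      # the implicit "deny ipv6 any any" ending every ACL

def evaluate_acl(aces, pkt):
    """Return the action of the first matching ACE (assumed first-match model)."""
    for ace in [*aces, IMPLICIT_DENY]:
        if ace.matches(pkt):
            return ace.action

def filter_inbound(acls, pkt):
    """Forward only if no inbound ACL assigned to the interface denies the packet."""
    verdicts = {name: evaluate_acl(aces, pkt) for name, aces in acls.items()}
    return all(v == "permit" for v in verdicts.values()), verdicts

# Constructed sample data: two ACLs assigned inbound to the same interface.
SUBNET = ipaddress.ip_network("2001:db8:0:100::/64")
ACLS = {
    "BLOCK-TELNET": [Ace("deny", "tcp", dport=23), Ace("permit", "ipv6")],  # explicit permit last
    "ONLY-SUBNET": [Ace("permit", "ipv6", src=SUBNET)],                     # relies on implicit deny
}
PACKETS = [
    {"proto": "tcp", "src": "2001:db8:0:100::10", "dst": "2001:db8:0:200::1", "dport": 443},
    {"proto": "tcp", "src": "2001:db8:0:100::10", "dst": "2001:db8:0:200::1", "dport": 23},
    {"proto": "udp", "src": "2001:db8:0:300::7", "dst": "2001:db8:0:200::1", "dport": 53},
]

if __name__ == "__main__":
    for pkt in PACKETS:
        forwarded, verdicts = filter_inbound(ACLS, pkt)
        print("forward" if forwarded else "drop", pkt["src"], pkt["proto"], pkt.get("dport"), verdicts)
```

The third packet is permitted by the ACL that ends in an explicit permit but is still dropped, because the other inbound ACL falls through to its implicit deny.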
IPv6 Traffic Management and Improved Network Performance
You can use ACLs to block IPv6 traffic from individual hosts, workgroups, or
subnets, and to block access to VLANs, subnets, devices, and services. Traffic
criteria for ACLs include:
■ Switched IPv6 traffic
■ IPv6 traffic of a specific protocol type (0-255)
■ TCP traffic (only) for a specific TCP port or range of ports, including
  optional control of connection traffic based on whether the initial
  request should be allowed
■ UDP traffic (only) or UDP traffic for a specific UDP port
■ ICMP traffic (only) or ICMP traffic of a specific type and code
■ Any of the above with specific precedence and/or ToS settings