HP 6200YL User Manual

IPv6 Access Control Lists (ACLs)

Planning an ACL Application

■

Explicitly Permitting IPv6 Traffic:

Entering a

permit ipv6 any any

ACE in an ACL permits the IPv6 traffic not previously permitted or
denied by that ACL. Any ACEs listed after that point do not have any
effect.

■

Explicitly Denying IPv6 Traffic:

Entering a

deny ipv6 any any ACE

in an ACL denies IPv6 traffic not previously permitted or denied by
that ACL. Any ACEs listed after that point have no effect.

■

Replacing One ACL with Another of the Same Type:

For a

specific interface, the most recent ACL assignment using a given
application replaces any previous ACL assignment using the same
application on the same interface. For example, if you assigned a
VACL named “Test-01” to filter inbound IPv6 traffic on VLAN 20, but
later, you assigned another VACL named “Test-02” to filter inbound
IPv6 traffic on this same VLAN, VACL “Test-02” replaces VACL “Test­
01” as the ACL to use.

■

Static Port ACLs:

These are applied per-port, per port-list, or per

static trunk. Adding a port to a trunk applies the trunk’s ACL config­
uration to the new member. If a port is configured with an ACL, the
ACL must be removed before the port is added to the trunk. Also,
removing a port from an ACL-configured trunk removes the ACL
configuration from that port.

■

VACLs:

These filter IPv6 traffic entering the switch through any port

belonging to the designated VLAN. VACLs do not filter IPv6 traffic
leaving the switch.

■

VACLs Operate On Static VLANs:

You can assign an ACL to any

VLAN that is statically configured on the switch. ACLs do not operate
with dynamic VLANs.

■

A VACL Affects All Physical Ports in a Static VLAN:

A VACL

assigned to a VLAN applies to all physical ports on the switch
belonging to that VLAN, including ports that have dynamically joined
the VLAN.

8-31