ACL Configuration – HP 6200YL User Manual


IPv6 Access Control Lists (ACLs)

Configuring and Assigning an IPv6 ACL

ACL Configuration

After you enter an ACL command, you may want to inspect the resulting
configuration. This is especially true where you are entering multiple ACEs
into an ACL. Also, it is helpful to understand the configuration structure when
using later sections in this chapter.

The basic ACL structure includes four elements:

1. ACL identity: This is a string of up to 64 characters specifying the ACL name.

2. Optional remark entries.

3. One or more deny/permit list entries (ACEs): One entry per line.

Element                   Notes
-----------------------   ----------------------------------------------------
Identifier                Alphanumeric; Up to 64 Characters, Including Spaces

Remark                    Allows up to 100 alphanumeric characters, including
                          blank spaces. (If any spaces are used, the remark
                          must be enclosed in a pair of single or double
                          quotes.) A remark is associated with a particular
                          ACE and will have the same sequence number as the
                          ACE. (One remark is allowed per ACE.) Refer to
                          “Attaching a Remark to an ACE” on page 8-69.

Maximum ACEs Per Switch   The maximum number of ACEs supported by the switch
                          is up to 3072 for IPv6 ACEs and up to 3072 for IPv4
                          ACEs. The maximum number of ACEs applied to a VLAN
                          or port depends on the concurrent resource usage by
                          multiple configured features. For more information,
                          use the show < qos | access-list > resources command
                          and/or refer to “Monitoring Shared Resources” on
                          page 8-103.

4. Implicit Deny: Where an ACL is applied to an interface, it denies any
packets that do not have a match with any of the ACEs explicitly configured
in the list. The Implicit Deny does not appear in ACL configuration
listings, but always functions when the switch uses an ACL to filter
packets. (You cannot delete the Implicit Deny, but you can supersede it
with a permit ipv6 any any ACE.)
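The four elements above, modeled as an added Python example (not code from the HP manual): it enforces the identifier and remark limits from the table and falls through to the Implicit Deny when no ACE matches. The ACL name and addresses are constructed; the example assumes ACEs are checked in sequence-number order with the first match deciding, and it simplifies matching to source and destination prefixes only.

```python
import ipaddress
from dataclasses import dataclass, field

MAX_NAME, MAX_REMARK = 64, 100  # identifier and remark limits from the table above

@dataclass
class Ace:
    seq: int
    action: str        # "permit" or "deny"
    src: str           # IPv6 prefix, or "any"
    dst: str
    remark: str = ""   # at most one remark per ACE, sharing its sequence number

def _matches(prefix, addr):
    return prefix == "any" or ipaddress.IPv6Address(addr) in ipaddress.IPv6Network(prefix)

@dataclass
class Ipv6Acl:
    name: str
    aces: list = field(default_factory=list)

    def __post_init__(self):
        if len(self.name) > MAX_NAME:
            raise ValueError("ACL identifier exceeds 64 characters")

    def add(self, ace):
        if ace.action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        if len(ace.remark) > MAX_REMARK:
            raise ValueError("remark exceeds 100 characters")
        self.aces.append(ace)
        self.aces.sort(key=lambda a: a.seq)  # assumed: evaluated in sequence order

    def evaluate(self, src, dst):
        """Return (action, seq) of the first matching ACE; seq is None for the Implicit Deny."""
        for ace in self.aces:
            if _matches(ace.src, src) and _matches(ace.dst, dst):
                return ace.action, ace.seq
        return "deny", None  # Implicit Deny: never listed, always in effect

def demo():
    acl = Ipv6Acl("Mgmt-In")  # constructed name; 2001:db8::/32 is documentation space
    acl.add(Ace(10, "permit", "2001:db8:0:1::/64", "any", remark="admin subnet"))
    acl.add(Ace(20, "deny", "2001:db8:0:2::/64", "any"))
    before = acl.evaluate("2001:db8:0:3::5", "2001:db8::1")  # matches no ACE
    acl.add(Ace(30, "permit", "any", "any"))  # supersedes the Implicit Deny
    after = acl.evaluate("2001:db8:0:3::5", "2001:db8::1")
    return before, after
```

A packet from an unlisted subnet is dropped with no sequence number to point to, which is why such drops are easy to miss when reading a configuration listing; after the trailing permit entry is added, the same packet is permitted by ACE 30.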
