ACL Configuration Factors: The Sequence of Entries in an ACL Is Significant (page 8-38) – HP 6200YL User Manual


IPv6 Access Control Lists (ACLs)
Configuring and Assigning an IPv6 ACL

ACL Configuration Factors

The Sequence of Entries in an ACL Is Significant

When the switch uses an ACL to determine whether to permit or deny a packet,
it compares the packet to the criteria specified in the individual Access
Control Entries (ACEs) in the ACL, beginning with the first ACE in the list and
proceeding sequentially until a match is found. When a match is found, the
switch applies the indicated action (permit or deny) to the packet. This is
significant because, once a match is found for a packet, subsequent ACEs in
the same ACL will not be applied to that packet, regardless of whether they
match the packet.

For example, suppose that you have applied the ACL shown in figure 8-9 to
inbound IPv6 traffic on VLAN 1 (the default VLAN):

ipv6 access-list "Sample-List-2"
     10 deny ipv6 2001:db8::235:10/128 ::/0
     20 deny ipv6 2001:db8::245:89/128 ::/0
     30 permit tcp 2001:db8::18:100/128 2001:db8::237:1/128
     40 deny tcp 2001:db8::18:100/128 ::/0
     50 permit ipv6 ::/0 ::/0
     (Implicit deny ipv6 any any)
     exit

Figure callouts: in each ACE the first address/prefix-length pair (for example,
2001:db8::235:10/128 in ACE 10) is the source address and prefix length; the
second pair is the destination address and prefix length, where ::/0 specifies
any IPv6 destination. After the last explicit ACE there is always an implicit
deny. However, in this case it will not be used, because the last ACE (permit
ipv6) allows all IPv6 packets that earlier ACEs have not already permitted or
denied.

Figure 8-9. Example of an ACE that Permits All IPv6 Traffic Not Implicitly Denied
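The following is an added example, not code from the HP manual or from the switch firmware. It models the first-match evaluation described above in Python, using the five ACEs of Sample-List-2 from figure 8-9, and then shows two things the text states but does not demonstrate: that exchanging the sequence numbers of ACEs 30 and 40 changes the verdict for the same packet, and that removing the trailing permit ipv6 ::/0 ::/0 leaves the implicit deny in charge. The ACE format is deliberately simplified to protocol, source prefix and destination prefix (no ports or other qualifiers), the ipv6 keyword is treated as a protocol wildcard as the figure's "allows all IPv6 packets" note implies, and the function and class names (Ace, Packet, evaluate, with_swapped_sequence) are this example's own.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Ace:
    """One Access Control Entry: sequence number, action, protocol, source, destination."""
    seq: int
    action: str                      # "permit" or "deny"
    proto: str                       # "ipv6" = any IPv6 protocol (assumed wildcard); otherwise e.g. "tcp"
    src: ipaddress.IPv6Network       # source address and prefix length
    dst: ipaddress.IPv6Network       # destination address and prefix length (::/0 = any)


@dataclass(frozen=True)
class Packet:
    """The packet fields this simplified ACE format inspects (constructed for the example)."""
    proto: str
    src: str
    dst: str


def parse_ace(line: str) -> Ace:
    """Parse one ACE line as written in figure 8-9, e.g. '10 deny ipv6 2001:db8::235:10/128 ::/0'."""
    seq, action, proto, src, dst = line.split()
    return Ace(int(seq), action, proto,
               ipaddress.IPv6Network(src, strict=False),
               ipaddress.IPv6Network(dst, strict=False))


# The five explicit ACEs of "Sample-List-2" from figure 8-9.
SAMPLE_LIST_2: List[Ace] = [parse_ace(line) for line in (
    "10 deny ipv6 2001:db8::235:10/128 ::/0",
    "20 deny ipv6 2001:db8::245:89/128 ::/0",
    "30 permit tcp 2001:db8::18:100/128 2001:db8::237:1/128",
    "40 deny tcp 2001:db8::18:100/128 ::/0",
    "50 permit ipv6 ::/0 ::/0",
)]


def ace_matches(ace: Ace, pkt: Packet) -> bool:
    """An ACE matches when its protocol (or the ipv6 wildcard) and both prefixes cover the packet."""
    if ace.proto != "ipv6" and ace.proto != pkt.proto:
        return False
    return (ipaddress.IPv6Address(pkt.src) in ace.src
            and ipaddress.IPv6Address(pkt.dst) in ace.dst)


def evaluate(acl: List[Ace], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First-match evaluation in sequence-number order.

    Returns (action, seq of the matching ACE). If no explicit ACE matches, the
    implicit 'deny ipv6 any any' applies and seq is None. Once a match is found
    the remaining ACEs are never consulted, which is the point the manual makes.
    """
    for ace in sorted(acl, key=lambda a: a.seq):
        if ace_matches(ace, pkt):
            return ace.action, ace.seq
    return "deny", None


def with_swapped_sequence(acl: List[Ace], seq_a: int, seq_b: int) -> List[Ace]:
    """Return a copy of the ACL in which two ACEs have exchanged sequence numbers."""
    mapping = {seq_a: seq_b, seq_b: seq_a}
    return [Ace(mapping.get(a.seq, a.seq), a.action, a.proto, a.src, a.dst) for a in acl]


if __name__ == "__main__":
    # Constructed sample packets; addresses are taken from the figure's ACEs.
    tcp_to_237 = Packet("tcp", "2001:db8::18:100", "2001:db8::237:1")
    tcp_elsewhere = Packet("tcp", "2001:db8::18:100", "2001:db8::1")
    udp_elsewhere = Packet("udp", "2001:db8::18:100", "2001:db8::1")
    print(evaluate(SAMPLE_LIST_2, tcp_to_237))        # ('permit', 30)
    print(evaluate(SAMPLE_LIST_2, tcp_elsewhere))     # ('deny', 40)
    print(evaluate(SAMPLE_LIST_2, udp_elsewhere))     # ('permit', 50)
    # Same ACEs, but with ACE 40's deny ordered ahead of ACE 30's permit:
    print(evaluate(with_swapped_sequence(SAMPLE_LIST_2, 30, 40), tcp_to_237))   # ('deny', 30)
    # Drop the trailing 'permit ipv6 ::/0 ::/0' and the implicit deny takes over:
    print(evaluate([a for a in SAMPLE_LIST_2 if a.seq != 50], udp_elsewhere))   # ('deny', None)
```

The swap case is the one to keep in mind when editing an existing list: inserting a broad deny with a lower sequence number than a narrower permit silently shadows the permit, and nothing in the ACL syntax warns about it. Returning the matching sequence number from evaluate is a cheap way to check, for a set of representative packets, which ACE actually decided each verdict before the list is applied to a VLAN.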

8-38
