General ACE Rules – HP 6200YL User Manual


IPv6 Access Control Lists (ACLs)

Configuring and Assigning an IPv6 ACL

General ACE Rules

These rules apply to all ACEs you create or edit using the CLI:

Adding or Inserting an ACE in an ACL. To add an ACE to the end of an ACL,
use the ipv6 access-list < name-str > command to enter the context for a
specific IPv6 ACL. (If the ACL does not already exist in the switch
configuration, this command creates it.) Then enter the text of the ACE
without specifying a sequence number. For example, the following pair of
commands enters the context of an ACL named “List-1” and adds a “permit” ACE
to the end of the list. This new ACE permits the IPv6 traffic from the device
at 2001:db8:0:a9::8d:100 to go to all destinations.

ProCurve(config)# ipv6 access-list List-1

ProCurve(config-ipv6-acl)# permit ipv6 host 2001:db8:0:a9::8d:100 any

To insert an ACE anywhere in an existing ACL, enter the context of the ACL
and specify a sequence number. For example, to insert a new ACE as line 15
between lines 10 and 20 in an existing ACL named “List-2” to deny traffic from
the device at 2001:db8:0:a9::8d:77, you would use the following commands:

ProCurve(config)# ipv6 access-list List-2

ProCurve(config-ipv6-acl)# 15 deny ipv6 host 2001:db8:0:a9::8d:77 any

To Delete an ACE. Enter the ACL context and delete the sequence number for
the unwanted ACE. (To view the sequence numbers of the ACEs in a list, use
show access-list < acl-name-str > config.) For example, to delete the ACE at
line 40 in an ACL named “List-2”, you would enter the following commands:

ProCurve(config)# ipv6 access-list List-2

ProCurve(config-ipv6-acl)# no 40

Duplicate ACE Sequence Numbers. Duplicate sequence numbering for ACEs is not
allowed in the same ACL. Attempting to enter a duplicate ACE displays the
Duplicate sequence number message.

Using CIDR Notation To Enter the IPv6 ACL Prefix Length

CIDR (Classless Inter-Domain Routing) notation is used to specify ACL prefix
lengths. The switch compares the address bits specified by a prefix length for
an SA or DA in an ACE with the corresponding address bits in a packet being
filtered by the ACE. If the designated bits in the ACE and in the packet have
identical settings, then the addresses match.
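
The following Python sketch is an added example, not taken from the HP manual. It models the rules above: append, insert by sequence number, duplicate rejection, deletion, and the prefix-length bit comparison. The names Ipv6Acl, prefix_match and parse_sa, and the step of 10 for appended ACEs, are assumptions made for illustration; the sample ACEs are constructed from the List-2 example.

```python
import ipaddress

def prefix_match(ace_addr, prefix_len, pkt_addr):
    """True when the first prefix_len bits of both IPv6 addresses are identical."""
    if not 0 <= prefix_len <= 128:
        raise ValueError("prefix length must be 0-128")
    mask = ((1 << prefix_len) - 1) << (128 - prefix_len)
    a = int(ipaddress.IPv6Address(ace_addr))
    p = int(ipaddress.IPv6Address(pkt_addr))
    return (a & mask) == (p & mask)

def parse_sa(spec):
    """Turn 'any', 'host ADDR' or 'ADDR/LEN' into (addr, prefix_len)."""
    if spec == "any":
        return "::", 0            # no bits compared
    if spec.startswith("host "):
        return spec[5:], 128      # all 128 bits compared
    addr, length = spec.split("/")
    return addr, int(length)

class Ipv6Acl:
    STEP = 10  # assumed increment for ACEs appended without a sequence number

    def __init__(self, name):
        self.name, self.aces = name, {}   # seq -> (action, addr, prefix_len)

    def add(self, action, sa_spec, seq=None):
        if seq is None:                   # append to the end of the list
            seq = max(self.aces, default=0) + self.STEP
        if seq in self.aces:              # same rule the switch enforces
            raise ValueError("Duplicate sequence number")
        self.aces[seq] = (action, *parse_sa(sa_spec))
        return seq

    def delete(self, seq):                # models "no <seq>"
        del self.aces[seq]

    def matching(self, pkt_src):
        """Sequence-ordered (seq, action) pairs whose SA prefix matches pkt_src."""
        return [(s, self.aces[s][0]) for s in sorted(self.aces)
                if prefix_match(self.aces[s][1], self.aces[s][2], pkt_src)]

# Constructed sample modelled on the List-2 example above.
acl = Ipv6Acl("List-2")
acl.add("permit", "2001:db8:0:a9::/64")                # becomes line 10
acl.add("permit", "any")                               # becomes line 20
acl.add("deny", "host 2001:db8:0:a9::8d:77", seq=15)   # inserted between 10 and 20
print(acl.matching("2001:db8:0:a9::8d:77"))
```

An address that matches more than one ACE, such as the /64 at line 10 and the host entry at line 15 here, is the case to review when choosing the sequence number for an inserted ACE.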
