Note – HP 6200YL User Manual

Page 273


IPv6 Access Control Lists (ACLs)

Testing and Troubleshooting ACLs

IPv6 Counter Operation with Multiple Interface Assignments

Note

The examples of counters in this section use small values to help illustrate
counter operation. The counters in real-time network applications are generally
much more active and show higher values.

Where the same IPv6 ACL is assigned to multiple interfaces, the switch
maintains a separate instance of each ACE counter in the ACL. When there is
a match with traffic on one of the ACL’s assigned interfaces, only the affected
ACE counters for that interface are incremented. Other instances of the same
ACL applied to other interfaces are not affected.

For example, suppose that:

An ACL named “V6-01” is configured as shown in figure 8-43 to block
Telnet access to a workstation at FE80::20:2, which is connected to a
port belonging to VLAN 20.

The ACL is assigned as a PACL (port ACL) on port B2, which is also
a member of VLAN 20:

ProCurve(config)# show access-list V6-01 config

ipv6 access-list "V6-01"
   10 permit icmp ::/0 fe80::20:2/128 128
   20 deny tcp ::/0 fe80::20:2/128 eq 23 log
   30 permit ipv6 ::/0 ::/0
   exit

Assigns the ACL to port B2:

ProCurve(config)# int b2 ipv6 access-group V6-01 in

Figure 8-43. ACL “V6-01” and Command for PACL Assignment on Port B2

[Network diagram. Labels: 5400zl Switch; VLAN 20; Port B2; addresses FE80::20:1, FE80::20:2 and FE80::20:117; ACL “V6-01” assigned as a PACL on port B2.]

Figure 8-44. Application to Filter Traffic Inbound on Port B2
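The per-interface counter behavior described above can be modeled in a few lines. This is an added example, not code from the manual or from the switch software: it evaluates the three ACEs of "V6-01" in first-match order and keeps one counter instance per (interface, ACE). The second assignment on port B3, the class and function names, and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# ACEs of ACL "V6-01" from the listing above: (seq, action, proto, src, dst, qualifier).
# qualifier = ICMPv6 type for icmp, destination port for tcp, None otherwise.
V6_01 = [
    (10, "permit", "icmp", "::/0", "fe80::20:2/128", 128),
    (20, "deny",   "tcp",  "::/0", "fe80::20:2/128", 23),
    (30, "permit", "ipv6", "::/0", "::/0",           None),
]

class AclModel:
    """Simplified model (assumption): one counter instance per (interface, ACE)."""
    def __init__(self, aces):
        self.aces = [(seq, act, proto, ipaddress.ip_network(src),
                      ipaddress.ip_network(dst), qual)
                     for seq, act, proto, src, dst, qual in aces]
        self.counters = defaultdict(int)   # key: (interface, seq)
        self.assigned = set()

    def assign(self, interface):
        self.assigned.add(interface)

    def filter_inbound(self, interface, proto, src, dst, qual=None):
        """Return the action of the first matching ACE and count the hit."""
        if interface not in self.assigned:
            return "permit"                # model: no ACL on this interface
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for seq, act, a_proto, a_src, a_dst, a_qual in self.aces:
            if (a_proto not in ("ipv6", proto) or s not in a_src
                    or d not in a_dst or (a_qual is not None and a_qual != qual)):
                continue
            self.counters[(interface, seq)] += 1   # only this interface's instance
            return act
        return "deny"                      # implicit deny at the end of an ACL

    def show(self, interface):
        return {seq: self.counters[(interface, seq)] for seq, *_ in self.aces}

def demo():
    acl = AclModel(V6_01)
    acl.assign("B2")
    acl.assign("B3")                       # hypothetical second assignment
    # Constructed traffic arriving inbound on B2: one ping, two Telnet attempts.
    acl.filter_inbound("B2", "icmp", "fe80::20:117", "fe80::20:2", 128)
    for _ in range(2):
        acl.filter_inbound("B2", "tcp", "fe80::20:117", "fe80::20:2", 23)
    return acl.show("B2"), acl.show("B3")
```

Calling `demo()` returns the counter view for each assignment: B2 shows hits on ACEs 10 and 20, while the B3 instance of the same ACL stays at zero.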
