IPv6 Configuration Guide K/KA/KB.15.15

Prefix usage differences between ACLs and other IPv6 addressing
For ACLs, the prefix is used to specify the leftmost bits in an address that are meaningful for a
packet match. In other IPv6 usage, the prefix separates network and subnet values from the device
identifier in an address.
| Prefix usage | Examples | Notes |
|---|---|---|
| For an SA or DA in the ACE belonging to an IPv6 ACL, the associated prefix specifies how many consecutive, leading bits in the address are used to define a match with the corresponding bits in the SA or DA of a packet being filtered. | 2620:0:a03:e102:215:60ff:fe7a:adc0/128 | All bits. Used for a specific SA or DA. |
| | 2620:0:a03:e102:215/80 | The first 80 bits. Used for an SA or DA having 2620:0:a03:e102:215 in the leftmost 80 bits of an address. |
| | ::/0 | Zero bits. Used to allow a match with "any" SA or DA. |
| For the IPv6 address assigned to a given device, the prefix defines the type of address and the network and subnet in which the address resides. In this case, the bits to the right of the prefix comprise the device identifier. | fe80::215:60ff:fe7a:adc0/64 | Link-Local address with a prefix of 64 bits and a device ID of 64 bits. |
| | 2620:0:a03:e102:215:60ff:fe7a:adc0/64 | Global unicast address with a prefix of 64 bits and a device ID of 64 bits. |
| For an RA, the included prefix defines the network or range of networks and the subnets the router is advertising. | 2620:0:a03::/48 | An RA with a 48-bit prefix |
| | 2620:0:a03:e102::/64 | An RA with a 64-bit prefix |
For more information on RAs, see “IPv6 Router Advertisements” (page 186).
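The two readings of a prefix described above, as an added example that is not part of the HP guide. It assumes Python's standard `ipaddress` module; the function names are hypothetical, and the 80-bit ACE address is written in full notation as `2620:0:a03:e102:215::`.

```python
import ipaddress

def ace_matches(ace_addr: str, prefix_len: int, packet_addr: str) -> bool:
    """ACL view: compare only the leftmost prefix_len bits of the two addresses."""
    if not 0 <= prefix_len <= 128:
        raise ValueError("IPv6 prefix length must be between 0 and 128")
    ace = int(ipaddress.IPv6Address(ace_addr))
    pkt = int(ipaddress.IPv6Address(packet_addr))
    ignored = 128 - prefix_len  # low-order bits that play no part in the match
    return (ace >> ignored) == (pkt >> ignored)

def split_interface_address(cidr: str) -> tuple[str, str]:
    """Addressing view: split an assigned address into (network/subnet, device ID)."""
    iface = ipaddress.IPv6Interface(cidr)
    id_bits = 128 - iface.network.prefixlen
    device_id = int(iface.ip) & ((1 << id_bits) - 1)
    return str(iface.network), str(ipaddress.IPv6Address(device_id))

if __name__ == "__main__":
    # Constructed sample: the SA of a packet being filtered.
    packet_sa = "2620:0:a03:e102:215:60ff:fe7a:adc0"
    # The three ACE address/prefix forms from the table above.
    aces = [
        ("2620:0:a03:e102:215:60ff:fe7a:adc0", 128),  # one specific SA or DA
        ("2620:0:a03:e102:215::", 80),                # leftmost 80 bits only
        ("::", 0),                                    # "any" SA or DA
    ]
    for addr, plen in aces:
        print(f"{addr}/{plen} matches {packet_sa}: "
              f"{ace_matches(addr, plen, packet_sa)}")
    # The same address read as an interface assignment instead of an ACE.
    print(split_interface_address(packet_sa + "/64"))
```

Because bits to the right of the prefix are ignored in an ACE, writing an interface address with its /64 in an ACL matches every host in that subnet rather than the single device.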
Configuring and assigning an IPv6 ACL
| ACL Feature | Page |
|---|---|
| Adding or Removing an ACL | 122 |
| Enabling or Disabling ACL Filtering | 125 |
Implementing IPv6 ACLs
For more information on configuring ACLs, see “Configuring and assigning an IPv6 ACL” (page 109).
1. Configure one or more ACLs.
This creates and stores the ACLs in the switch configuration.
2. Assign an ACL to an interface using one of the following applications:
   - RACL (routed IPv6 traffic entering or leaving the switch on a given VLAN)
   - VACL (IPv6 traffic entering the switch on a given VLAN)
   - Static port ACL (IPv6 traffic entering the switch on a given port, port list, or static trunk)
3. If the ACL is applied as an RACL, IPv6 routing must be enabled. Except for instances where
the switch is the traffic source or destination, assigned RACLs filter IPv6 traffic only when IPv6
routing is enabled on the switch.