IPv6 Configuration Guide K/KA/KB.15.15

Example 66 Entering the ACL context
HP Switch(config)# ipv6 access-list Sample-List
HP Switch(config-ipv6-acl)#
Configuring ACEs in an ACL
Configure ACEs after using the ipv6 access-list ascii-str command (described
on page 115) to enter the IPv6 ACL (ipv6_acl) context of an ACL.
Syntax: (ipv6 acl context)
[ deny | permit ] [ ipv6 | ipv6-protocol | ipv6-protocol-nbr ]
[ any | host SA | SA/prefix-length ]
[ any | host DA | DA/prefix-length ]
[ dscp tos-bits | precedence ] [ log ]
Appends an ACE to the end of the list of ACEs in the current ACL. In the default
configuration, ACEs are automatically assigned consecutive sequence numbers in
increments of 10 and can be renumbered using resequence (page 128).
NOTE: To insert a new ACE between two existing ACEs in an ACL, precede deny
or permit with an appropriate sequence number. See “Inserting an ACE in an
existing ACL” (page 125).
For a match to occur, a packet must have the source and destination IPv6 addressing
criteria specified in the ACE, as well as:
• The protocol-specific criteria configured in the ACE, including any optional
  elements (described later in this section)
• Any (optional) DSCP settings configured in the ACE
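The matching rule above, worked through in Python as an added example (not code from this guide or from the switch software). Assumptions: the function names are hypothetical, "icmp" is taken to mean ICMPv6 (protocol 58), ACEs are evaluated in sequence-number order, and DSCP and protocol-specific options are left out.

```python
import ipaddress

# Names from the syntax above as IANA numbers; assumption: "icmp" means ICMPv6 (58).
PROTOCOLS = {"esp": 50, "ah": 51, "sctp": 132, "icmp": 58, "tcp": 6, "udp": 17}

def _next(tokens):
    return tokens.pop(0) if tokens else ""

def _address(tokens):
    """Consume 'any', 'host <addr>' or '<addr>/<prefix-length>'; None means any."""
    word = _next(tokens)
    if word == "any":
        return None
    if word != "host" and "/" not in word:
        raise ValueError("expected any, host <addr> or <addr>/<prefix-length>")
    return ipaddress.IPv6Network(_next(tokens) + "/128" if word == "host" else word, strict=False)

def parse_ace(line):
    """Parse '<deny|permit> <protocol> <SA> <DA> [log]'; DSCP options are not handled."""
    tokens = line.split()
    action, proto = _next(tokens), _next(tokens)
    if action not in ("deny", "permit"):
        raise ValueError("ACE must start with deny or permit")
    number = PROTOCOLS.get(proto)  # stays None for "ipv6", which matches any protocol
    if proto != "ipv6" and number is None:
        if not (proto.isdigit() and int(proto) <= 255):
            raise ValueError("unknown protocol: " + proto)
        number = int(proto)
    src, dst = _address(tokens), _address(tokens)
    return {"action": action, "proto": number, "src": src, "dst": dst, "log": "log" in tokens}

def build_acl(lines, start=10, step=10):
    """Append ACEs in order, numbering them 10, 20, 30, ... as in the default configuration."""
    return [(start + i * step, parse_ace(line)) for i, line in enumerate(lines)]

def first_match(acl, proto, src, dst):
    """Return (sequence number, action) of the lowest-numbered matching ACE, else None."""
    src, dst = ipaddress.IPv6Address(src), ipaddress.IPv6Address(dst)
    for seq, ace in sorted(acl, key=lambda entry: entry[0]):
        if (ace["proto"] in (None, proto)
                and (ace["src"] is None or src in ace["src"])
                and (ace["dst"] is None or dst in ace["dst"])):
            return seq, ace["action"]
    return None

# Constructed sample ACL using documentation-prefix addresses.
SAMPLE = build_acl(["permit tcp host 2001:db8::10 2001:db8:1::/64",
                    "deny ipv6 2001:db8::/32 any log",
                    "permit 58 any any"])
```

A UDP packet from 2001:db8::10 skips ACE 10 because the protocol differs, even though both addresses match, and is caught by ACE 20.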
[ deny | permit ]
These keywords are used in the IPv6 ACL (ipv6-acl) context to specify whether the ACE denies
or permits a packet matching the criteria in the ACE, as described below.
[ ipv6 | ipv6-protocol | ipv6-protocol-nbr ]
Used after deny or permit to specify the packet protocol type required for a match. An ACL
must include one of the following:
ipv6
Any IPv6 packet.
ipv6-protocol
Any one of the following IPv6 protocol names:
esp ah sctp icmp¹ tcp¹ udp¹
ipv6-protocol-nbr
The protocol number of an IPv6 packet type, such as "8" for Exterior Gateway Protocol or
121 for Simple Message Protocol. Range: 0 to 255
[ any | host SA | SA/prefix-length ]
This is the first instance of IPv6 addressing in an ACE. It follows the protocol specifier and
defines the source IPv6 address (SA) a packet must carry for a match with the ACE.
any
Allows IPv6 packets from any IPv6 SA.
1. For TCP, UDP, and ICMP, additional (optional) criteria can be specified, as described on pages 119 through 122.