KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch

111

112

113

114

115

116

117

118

119

120

host SA

Specifies only packets having a single address as the SA. Use this criterion when you

want to match only the IPv6 packets from a single SA.

SA prefix-length

Specifies packets received from one or more contiguous subnets or contiguous addresses

within a single subnet. The prefix length is in CIDR format and defines the number of

leftmost bits to use in determining a match. See “Using CIDR notation to enter the IPv6

ACL prefix length” (page 153). In a given ACE, the SA prefix length defines how many

leftmost bits in a packet's SA must exactly match the SA configured in the ACE.

Examples of prefix-length applications:

• 2001:db8:0:e102::10:100/120 matches any IPv6 address in the range of

2001:db8:0:e102::10:<0100 - 01FF>

• 2001:db8:a0:e102::/64 matches any IPv6 address having a prefix of

2001:db8:a0:e102.

• FE80::/16 matches any link-local address on an interface.

NOTE: For more information on how prefix lengths are used in IPv6 ACLs, see “How

an ACE uses a prefix to screen packets for SA and DA matches” (page 107).

[ any | host DA | DA/prefix-length ]

This is the second instance of addressing in an IPv6 ACE. It follows the first (SA) instance,

described earlier in this section, and defines the destination IPv6 address (DA) that a

packet must carry to have a match with the ACE.

any

Allows IPv6 packets to any IPv6 DA.

host DA

Specifies only packets having DA as the destination address. Use this criterion when

you want to match only the IPv6 packets for a single DA.

DA/prefix-length

Specifies packets intended for one or more contiguous subnets or contiguous

addresses within a single subnet. The prefix length is in CIDR format and defines

the number of leftmost bits to use in determining a match. See “Using CIDR notation

to enter the IPv6 ACL prefix length” (page 153). In a given ACE, the DA

prefix-length defines how many leftmost bits in a packet's DA must exactly

match the DA configured in the ACE.

For examples, see “Examples of prefix-length applications” (page ?).

[ dscp codepoint/precedence ]

This option follows the DA to include a DSCP codepoint or precedence as a matching

criteria.

codepoint:

Supports these codepoint selection options:

0 - 63

Select a specific DSCP codepoint by entering its decimal equivalent. See “DSCP

codepoints with decimal equivalents” (page 118).

Assured Forwarding (AF) codepoint matches:

DSCPMatchAF

001010af11

001100af12

Configuration Commands 117