KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch

121

122

123

124

125

126

127

128

129

130

Assigns an ACL to a VLAN as an RACL to filter routed IP traffic entering or leaving the switch on

that VLAN. You can use either the global configuration level or the VLAN context level to assign

or remove an RACL.

vid

VLAN identification number

tunnel tunnel-id

Tunnel Identification

identifier

The alphanumeric name by which the ACL can be accessed. An identifier can

have up to 64 characters

Keyword for assigning the ACL to filter routed traffic entering the switch on the

specified VLAN

out

Keyword for assigning the ACL to filter routed traffic leaving the switch on the

specified VLAN

NOTE: The switch allows you to assign an "empty" ACL to a VLAN. In this case,

if you later populate the empty ACL with one or more ACEs for that same identifier,

the ACL automatically becomes active on the assigned VLAN. Also, where a given

ACL is assigned to an interface, if you delete the ACL from the running configuration

without also using the no form of this command to remove the assignment to the

interface, the ACL becomes "empty," but remains assigned to the interface and

continues to exist (as an empty ACL) in the running configuration. In this case, if

you later repopulate the ACL with an explicit ACE, the ACL immediately reactivates

and begins filtering traffic (which includes use of the implicit deny).

Example 68 Methods for enabling and disabling RACLs

HP Switch(config)# vlan 20 ipv6 access-group List-001 in

HP Switch(config)# vlan 20

HP Switch(vlan-20)# ipv6 access-group List-005 out

HP Switch(vlan-20)# exit

HP Switch(config)# no vlan 20 ipv6 access-group List-001 in

HP Switch(config)# vlan 20

HP Switch(vlan-20)# no ipv6 access-group List-005 out

HP Switch(vlan-20)# exit

Enables an RACL from the Global Configuration Level

Enables an RACL from a VLAN Context

Disables an RACL from the Global Configuration Level

Disabling an RACL from a VLAN Context

Filtering routed or switched IPv6 traffic inbound on a VLAN

For a given port, port list, or static port trunk, you can assign an ACL as a static port ACL to filter

switched or routed IPv6 traffic entering the switch on that interface. You can use the same ACL for

assignment to multiple VLANs.

Syntax:

[no] vlan vid ipv6 access-group identifier vlan

Configuration Commands 123