KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch

121

122

123

124

125

126

127

128

129

130

The no form of the command deletes the indicated remark, but does not affect the

related ACE.

Appending remarks and related ACEs to the end of an ACL

To include a remark for an ACE that will be appended to the end of the current ACL:

1. Enter the remark first.

2. Then enter the related ACE.

This results in the remark and the subsequent ACE having the same sequence number.

Example 74 Appending remarks and related ACEs to the end of an ACL

To append an ACE with an associated remark to the end of an ACL named "List-100," enter

remarks from the CLI context for the desired ACL:

HP Switch(config)# ipv6 access-list List-100

HP Switch(config-ipv6-acl)# permit tcp host 2001:db8:0:b::100:17 eq telnet

any

HP Switch(config-ipv6-acl)# permit tcp host 2001:db8:0:b::100:23 eq telnet

any

HP Switch(config-ipv6-acl)# remark “BLOCKS UNAUTH TELNET TRAFFIC FROM

SUBNET B”

HP Switch(config-ipv6-acll)# deny tcp 2001:db8:0:a::/64 eq telnet any

HP Switch(config-ipv6-acl)# show access-list List-100 config

ipv6 access-list "List-100"

10 remark "TEXT"

10 permit tcp 2001:db8:0:b::100:17/128 eq 23 ::/0

20 permit tcp 2001:db8:0:b::100:23/128 eq 23 ::/0

30 remark "BLOCKS UNAUTH TELNET TRAFFIC FROM SUBNET B"

30 deny tcp 2001:db8:0:b::/64 eq 23 ::/0

exit

HP Switch(config-ipv6-acl)#

The remark is assigned the same number as the immediately

following ACE (“30” in this example) is assigned when it is

automatically appended to the end of the list. This operation

applies where new remarks and ACEs are appended to the

end of the ACL and are automatically assigned a sequence

number.

Inserting remarks and related ACEs within an existing list

To insert an ACE with a remark within an ACL by specifying a sequence number:

1. Insert the numbered remark first

2. Then, using the same sequence number, insert the ACE.

HP Switch(config-ipv6-acl)# 15 remark "PERMIT HTTP; STATION 23; SUBNET 1D"

HP Switch(config-ipv6-acl)# 15 permit tcp host 2001:db8:0:1d::23 eq 80

2001:db8:0:2f::/64

HP Switch(config-ipv6-acl)# show access config

. . .

ipv6 access-list "List-105"

10 permit tcp 2001:db8:0:1f::/64 eq 80 2001:db8:0:2f::/64

15 remark "PERMIT HTTP; STATION 23; SUBNET 1D"

15 permit tcp 2001:db8:0:1d::23/128 eq 80 2001:db8:0:2f::/64

20 deny tcp 2001:db8:0:1d::/64 eq 80 2001:db8:0:2f::/64

exit

. . .

130 IPv6 Access Control Lists (ACLs)