KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch

151

152

153

154

155

156

157

158

159

160

Example 96 IPv6 ACL performance monitoring output

HP Switch# show statistics aclv6 V6-02 vlan 20 vlan

HitCounts for ACL V6-02

Total

( 5) 10 permit icmp ::/0 fe80::20:2/128 128

( 4) 20 permit icmp ::/0 fe80::20:3/128 128

( 136) 30 permit tcp fe80::20:1/128 ::/0 eq 23

( 2) 40 deny icmp ::/0 fe80::20:1/128 128

( 10) 50 deny tcp ::/0 ::/0 eq 23

( 8) 60 deny icmp ::/0 ::/0 133

( 155) 70 permit ipv6 ::/0 ::/0

HP Switch# clear statistics aclv6 V6-02 vlan 20 vlan

HP Switch# show statistics aclv6 V6-02 vlan 20 vlan

HitCounts for ACL V6-02

Total

( 0) 10 permit icmp ::/0 fe80::20:2/128 128

( 0) 20 permit icmp ::/0 fe80::20:3/128 128

( 0) 30 permit tcp fe80::20:1/128 ::/0 eq 23

( 0) 40 deny icmp ::/0 fe80::20:1/128 128

( 0) 50 deny tcp ::/0 ::/0 eq 23

( 0) 60 deny icmp ::/0 ::/0 133

( 0) 70 permit ipv6 ::/0 ::/0

Options for applying IPv6 ACLs on the switch

To apply IPv6 ACL filtering, assign a configured IPv6 ACL to the interface on which you want the

traffic filtering to occur. VLAN IPv6 traffic ACLs can be applied statically using the switch

configuration. Port traffic ACLs can be applied either statically or dynamically (using a RADIUS

server).

Static ACLS

Static ACLs are configured on the switch. To apply a static ACL, assign it to an interface (VLAN

or port). The switch supports three static ACL types:

• Routed IPv6 traffic ACL (RACL)

An ACL configured on a VLAN to filter routed IPv6 traffic entering or leaving the switch on

that interface, as well as IPv6 traffic having a destination on the switch itself. (Except for filtering

IPv6 traffic to an address on the switch itself, IPv6 RACLs can operate only while IPv6 routing

is enabled.

• VLAN ACL (VACL)

An ACL to a VLAN to filter IPv6 traffic entering the switch on that VLAN interface and having

a destination on the same VLAN. The traffic can be either switched or routed.

• Static Port ACL

An ACL assigned to a port to filter IPv6 traffic entering the switch on that port, regardless of

whether the traffic is routed, switched, or addressed to a destination on the switch itself.

152 IPv6 Access Control Lists (ACLs)