Manualshelf

IPv6 Configuration Guide K/KA/KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch
151152153154155156157158159160
Figure 10 Example of an IPv6 ACL application
To implement the policies described above in Figure 10 (page 155), configure ACLs on the switch
as shown in Example 97 (page 155).
Example 97 Configuration commands for IPv6 ACL
Configure ACLs on the switch:
Example 98 Switch A shown in Figure 10 (page 155)
HP Switch(config-ipv6-acl)# permit tcp host 2001:db8:0:1af::144 host 2001:db8:0:1ae::178 eq
telnet
HP Switch(config-ipv6-acl)# deny ipv6 2001:db8:0:1af::/64 2001:db8:0:1ae::/64
HP Switch(config-ipv6-acl)# permit ipv6 2001:db8:0:1af::/64 any
HP Switch(config-ipv6-acl)# exit
HP Switch(config)# vlan 1 ipv6 access-group List-01 in
Example 99 Switch B shown in Figure 10 (page 155)
HP Switch(config-ipv6-acl)# permit tcp host 2001:db8:0:1ae::100 host
2001:db8:0:1ad::55 eq 21
HP Switch(config-ipv6-acl)# deny tcp 2001:db8:0:1ae::/64 any
HP Switch(config-ipv6-acl)# permit ipv6 any any
HP Switch(config-ipv6-acl)# exit
HP Switch(config-ipv6-acl)# vlan 1 ipv6 access-group List-02 in
Editing an existing ACL
The CLI provides the capability for editing in the switch by using sequence numbers to insert or
delete individual ACEs. An offline method is also available. This section describes using the CLI
for editing ACLs.
General editing rules
You can use the CLI to delete individual ACEs from anywhere in an ACL, append new ACEs to
the end of an ACL, and insert new ACEs anywhere within an ACL.
When you enter a new ACE in an ACL without specifying a sequence number, the switch
inserts the ACE as the last entry in the ACL.
When you enter a new ACE in an ACL and include a sequence number, the switch inserts the
ACE according to the position of the sequence number in the current list of ACEs.
You can delete an ACE by using the ipv6 access-list identifier command to enter
the ACL's context, and then no seq-#
Deleting the last ACE from an ACL leaves the ACL in the configuration as an "empty"ACL
placeholder that cannot perform any filtering tasks. (In any ACL, the implicit deny does not
apply unless the ACL includes at least one explicit ACE.
Editing an existing ACL 155