IPv6 Configuration Guide K/KA/KB.15.15
Sequence numbering in ACLs
The ACEs in any ACL are sequentially numbered. In the default state, the sequence number of the
first ACE in a list is "10," and subsequent ACEs are numbered in increments of 10. The following
show run output shows an ACL named "My-list" using the default numbering scheme:
Example 100 Default sequential numbering for ACEs
ipv6 access-list "My-list"
10 permit ipv6 2001:db8:0:5ad::25/128 ::/0
20 permit ipv6 2001:db8:0:5ad::111/128 ::/0
30 permit icmp 2001:db8:0:5ad::115/128 ::/0 135
40 deny ipv6 2001:db8:0:5ad::/64 ::/0
exit
An ACE can be appended to the end of the ACL by using ipv6 access-list from the global
configuration prompt or by entering the ACL context:
Example 101 Ways to append a new ACE to the end of an ACL
HP Switch(config)# ipv6 access-list My-list permit esp host
2001:db8:0:5ad::19 any
1
2
HP Switch(Config)# ipv6 access-list My-list
HP Switch(config-ipv6-acl)# permit ipv6 any host 2001:db8:0:5ad::1
1
From the global configuration prompt, appends an ACE to the
end of the ACL named My-list
2
Enters the context of the “My-list”ACL and appends an ACE to
the end of the list
To continue from Example 101 (page 156) and append a final ACE to the end of the ACL:
Example 102 Appending an ACE to an existing list
HP Switch(config-ipv6-acl)# deny ipv6 2001:db8:0:5ad::/64 any
1
HP Switch (config-ipv6-acl)# permit ipv6 any any
2
HP Switch(config-ipv6-acl)# show run
. . .
ipv6 access-list "My-list"
10 permit ipv6 2001:db8:0:5ad::25/128 ::/0
20 permit ipv6 2001:db8:0:5ad::111/128 ::/0
30 permit icmp 2001:db8:0:5ad::115/128 ::/0
40 permit icmp 2001:db8:0:5ad::/64 ::/0
50 permit 50 2001:db8:0:5ad::19/128 ::/0
60 permit ipv6 ::/0 2001:db8:0:5ad::1/128
70 deny ipv6 2001:db8:0:5ad::/64 ::/0
80 permit ipv6 ::/0 ::/0
exit
1
ACE appended as line 70
2
Appended as line 80
About viewing All ACLs and their assignments in the switch startup-config file and
running-config file
The show config and show running commands include in their listings any configured ACLs
and any ACL assignments to VLANs.
156 IPv6 Access Control Lists (ACLs)