IPv6 Configuration Guide K/KA/KB.15.15

Example 106 Ping and Telnet from FE80::20:117 to FE80::20:2 filtered by the assignment of "V6-01" as a PACL on port B2
HP Switch# ping6 fe80::20:2%vlan20
fe80:0000:0000:0000:0000:0000:0020:0002 is alive, time = 5 ms
HP Switch# telnet fe80::20:2%vlan20
Telnet failed: Connection timed out.
HP Switch#
Example 107 Resulting ACE hits on ACL “V6-01”
HP Switch# show statistics aclv6 IP-01 port 2
Hit Counts for ACL IPV6-ACL
 Total
(     1)  10 permit icmp fe80::20:3/128 fe80::20:2/128 128    [1]
(     5)  20 deny tcp ::/0 fe80::20:2/128 eq 23 log           [2]
(     4)  30 permit ipv6 ::/0 ::/0                            [3]
[1] Shows the successful ping permitted by ACE 10
[2] Indicates denied attempts to Telnet to FE80::20:2 via the instance of the "V6-01" PACL assignment on port 2
[3] Indicates permitted attempts to reach any accessible destination via the instance of the “V6-01” PACL assignment on port 2
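As an added illustration (not part of the HP guide), the Python sketch below parses hit-count output in the layout of Example 107 and reports the deny ACEs whose counters rose between two polls, which is how the denied Telnet attempts would be noticed in monitoring. The column spacing, the function names and the earlier poll are assumptions constructed for this example.

```python
import re

# One ACE line of "show statistics aclv6" output as laid out in Example 107:
# "(  hits)  seq  action  rest-of-ACE". Exact column spacing is an assumption.
ACE_LINE = re.compile(r"^\(\s*(\d+)\)\s+(\d+)\s+(permit|deny)\s+(.*\S)\s*$")

def parse_hit_counts(text):
    """Return {sequence number: (action, ACE text, hit count)}."""
    aces = {}
    for line in text.splitlines():
        m = ACE_LINE.match(line.strip())
        if m:
            hits, seq, action, rest = m.groups()
            aces[int(seq)] = (action, rest, int(hits))
    return aces

def new_deny_hits(previous, current):
    """Compare two polls; return [(seq, ACE text, new hits)] for deny ACEs."""
    old, new = parse_hit_counts(previous), parse_hit_counts(current)
    report = []
    for seq, (action, rest, hits) in sorted(new.items()):
        if action != "deny":
            continue
        before = old.get(seq, ("", "", 0))[2]
        # A count lower than the previous poll means the counters were reset,
        # so every hit currently recorded is treated as new.
        delta = hits - before if hits >= before else hits
        if delta > 0:
            report.append((seq, rest, delta))
    return report

# Constructed sample polls: POLL_2 repeats the counts shown in Example 107,
# POLL_1 is an invented earlier reading of the same ACL instance.
POLL_1 = """Hit Counts for ACL IPV6-ACL
 Total
(     1)  10 permit icmp fe80::20:3/128 fe80::20:2/128 128
(     2)  20 deny tcp ::/0 fe80::20:2/128 eq 23 log
(     4)  30 permit ipv6 ::/0 ::/0
"""
POLL_2 = POLL_1.replace("(     2)  20 deny", "(     5)  20 deny")

if __name__ == "__main__":
    for seq, ace, delta in new_deny_hits(POLL_1, POLL_2):
        print(f"ACE {seq}: {delta} new hit(s) on: deny {ace}")
```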
NOTE: IPv4 ACE counters assigned as RACLs operate differently than described above. For more
information, see “IPv4 counter operation with multiple interface assignments” (page 160).
IPv4 counter operation with multiple interface assignments
Where the same IPv4 ACL is assigned to multiple interfaces as a VLAN ACL (VACL) or port ACL
(PACL), the switch maintains a separate instance of ACE counters for each interface assignment.
Thus, when there is a match with traffic on one of the ACL's VACL- or PACL-assigned interfaces,
only the ACE counter in the affected instance of the ACL is incremented. However, if an ACL has
multiple assignments as an RACL, then a match with an ACE in any RACL instance of the ACL
increments that same counter on all RACL-assigned instances of that ACL. (The ACE counters for
VACL and PACL instances of an ACL are not affected by counter activity in RACL instances of the
same ACL.)
160 IPv6 Access Control Lists (ACLs)