IPv6 Configuration Guide K/KA/KB.15.15

5 IPv6 Access Control Lists (ACLs)
NOTE: All commands previously in the Summary of commands table are indexed under the entry
Command syntax.
Introduction
An access control list (ACL) contains one or more access control entries (ACEs) specifying the
criteria the switch uses to either permit (forward) or deny (drop) IP packets traversing the switch's
interfaces. This chapter describes how to configure, apply, and edit static IPv6 ACLs for filtering
IPv6 traffic in a network populated with these switches, and how to monitor IPv6 ACL actions.
NOTE: Because the switches operate in an IPv4/IPv6 dual stack mode, IPv6 and IPv4 ACLs can
operate simultaneously in these switches. However:
- Static IPv6 ACLs and IPv4 ACLs do not filter each other's traffic.
- IPv6 and IPv4 ACEs cannot be configured in the same static ACL.
- RADIUS-assigned ACLs can be configured to filter either IPv4 traffic only, or both IPv4 and
  IPv6 traffic.
In this chapter, unless otherwise noted:
- The term "ACL" refers to IPv6 ACLs.
- Descriptions of ACL operation apply only to IPv6 traffic.
For information on configuring and applying static IPv4 ACLs, see chapter "IPv4 Access Control
Lists (ACLs)" in the Access Security Guide for your switch.
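The dual-stack rules in the NOTE above, modeled as an added example (not code from this guide or from the switch software): an interface with only an IPv4 static ACL leaves IPv6 traffic to the same destination unfiltered, and a static ACL rejects ACEs of the other address family. The class and function names, the sample addresses, first-match ordering, and the implicit final deny are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class StaticACL:
    name: str
    version: int                      # 4 or 6; one address family per static ACL
    aces: list = field(default_factory=list)

    def add(self, action, src, dst):
        # Reject an ACE whose prefixes belong to the other address family.
        for prefix in (src, dst):
            if ipaddress.ip_network(prefix).version != self.version:
                raise ValueError(f"{prefix} is not IPv{self.version} (ACL {self.name})")
        self.aces.append((action, ipaddress.ip_network(src), ipaddress.ip_network(dst)))

    def match(self, src, dst):
        for action, src_net, dst_net in self.aces:   # assumption: first match wins
            if src in src_net and dst in dst_net:
                return action
        return "deny"                                # assumption: implicit final deny

def filter_packet(applied, src, dst):
    """applied maps IP version (4 or 6) to the StaticACL on the interface."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    acl = applied.get(src.version)
    if acl is None:
        return "permit"               # no ACL of this family: traffic is unfiltered
    return acl.match(src, dst)

def sample_acls():
    # Constructed sample policy using documentation prefixes.
    v4 = StaticACL("MGMT-V4", 4)
    v4.add("permit", "192.0.2.128/25", "192.0.2.1/32")
    v4.add("deny", "0.0.0.0/0", "192.0.2.1/32")
    v6 = StaticACL("MGMT-V6", 6)
    v6.add("permit", "2001:db8:10::/64", "2001:db8::1/128")
    v6.add("deny", "::/0", "2001:db8::1/128")
    return v4, v6

if __name__ == "__main__":
    v4, v6 = sample_acls()
    print(filter_packet({4: v4}, "198.51.100.7", "192.0.2.1"))
    print(filter_packet({4: v4}, "2001:db8:99::5", "2001:db8::1"))
    print(filter_packet({4: v4, 6: v6}, "2001:db8:99::5", "2001:db8::1"))
```

When auditing a dual-stack interface, check that every restriction expressed in the IPv4 ACL has a counterpart in an IPv6 ACL applied to the same interface.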
Feature                                 Default   CLI page reference
Configure IPv6 ACLs                     None      109
Filtering routed IPv6 traffic           n/a       122
Viewing ACL Configuration Data          n/a       133
Delete an ACL                           n/a       125
Inserting an ACE in an existing ACL     n/a       125
Creating or Editing ACLs Offline        n/a       143
Enable ACL Logging                      n/a       157
IPv6 traffic filtering with ACLs can help to improve network performance and restrict network use
by creating policies for:
Switch management access
Permits or denies in-band management access. This includes limiting and/or preventing the
use of designated protocols that run on top of IPv6, such as TCP, UDP, ICMP, and others. Also
included are the use of DSCP criteria and control for application transactions based on source
and destination IPv6 addresses and transport layer port numbers.
Application access security
Eliminates unwanted IPv6 traffic in a path by filtering IPv6 packets where they enter or leave
the switch on specific VLAN interfaces.