KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch

TCP only

TCP flag (control bit) options for destination TCP

The log function applies to both “deny” and “permit” ACLs, and generates a message when there is either a “deny”

match or a “permit” match.

PageCommand(s)Action

129

131

HP Switch(config)# ipv6 access-list name-str

HP Switch(config-ipv6-acl)# remark remark-str

HP Switch(config-ipv6-acl)# no remark

Enter a Remark

Remove a Remark:

• Immediately After Entry

HP Switch(config-ipv6-acl)# no seq-# remark

• After entry of an ACE

125HP Switch(config)# no ipv6 access-list name-strDelete an IPv6 ACL

Command Summary for Enabling, Disabling, and Displaying ACLs

122HP Switch(config)# [no] vlan vid ipv6 access-group

name-str in | out | vlan

Enable or Disable an IPv6 RACL

123HP Switch(config)# [no] vlan vid ipv6 access-group

name-str vlan

Enable or Disable an IPv6 VACL

124HP Switch(config)# [no] interface port-list | trkx

ipv6 access-group name-str in

HP Switch (eth- port-list) | trkx)# [no] ipv6

access-group name-str in

Enable or Disable a Static Port ACL

132HP Switch# show access-list

HP Switch# show access-list acl-name-str [ config ]

HP Switch# show access-list config

HP Switch# show access-list ports port-list | trkx

HP Switch# show access-list vlan vid

HP Switch# show access-list radius port-list | all

HP Switch# show access-list resources

Displaying ACL Data

149HP Switch# show | clear statistics aclv6 acl-name-str

port port-#

HP Switch# show clear statistics aclv6 acl-name-str

vlan vid

Displaying or Clearing ACL Statistics

in | out | vlan

IPv6 ACL Terminology

Access Control

Entry (ACE)

A policy consisting of criteria and an action (permit or deny) to execute on a packet

if it meets the criteria. For IPv6 ACEs, the elements composing the criteria include:

• source IPv6 address and prefix length

• destination IPv6 address and prefix length

• either of the following:

all IPv6 traffic◦

◦ IPv6 traffic of a specific IPv6 protocol (For TCP, UDP, and ICMP, the criteria

can include either a specific sub-type within the protocol or all traffic of the

protocol type.)

• option to log packet matches with deny ACEs

• optional use of DSCP (precedence and ToS settings)

Access Control List

(ACL)

A list (or set) consisting of one or more explicitly configured Access Control Entries

(ACEs) and terminating with an implicit deny ipv6 any any ACE. Each ACE in an

Introduction 89