IPv6 Configuration Guide K/KA/KB.15.15
1
TCP only
2
TCP flag (control bit) options for destination TCP
3
The log function applies to both “deny” and “permit” ACLs, and generates a message when there is either a “deny”
match or a “permit” match.
Action (page) and command(s):

Enter a Remark (page 129)
    HP Switch(config)# ipv6 access-list name-str
    HP Switch(config-ipv6-acl)# remark remark-str

Remove a Remark (page 131)
  • Immediately After Entry
    HP Switch(config-ipv6-acl)# no remark
  • After entry of an ACE
    HP Switch(config-ipv6-acl)# no seq-# remark

Delete an IPv6 ACL (page 125)
    HP Switch(config)# no ipv6 access-list name-str

Command Summary for Enabling, Disabling, and Displaying ACLs

Action (page) and command(s):

Enable or Disable an IPv6 RACL (page 122)
    HP Switch(config)# [no] vlan vid ipv6 access-group name-str in | out | vlan

Enable or Disable an IPv6 VACL (page 123)
    HP Switch(config)# [no] vlan vid ipv6 access-group name-str vlan

Enable or Disable a Static Port ACL (page 124)
    HP Switch(config)# [no] interface port-list | trkx ipv6 access-group name-str in
    HP Switch(eth-port-list | trkx)# [no] ipv6 access-group name-str in

Displaying ACL Data (page 132)
    HP Switch# show access-list
    HP Switch# show access-list acl-name-str [ config ]
    HP Switch# show access-list config
    HP Switch# show access-list ports port-list | trkx
    HP Switch# show access-list vlan vid
    HP Switch# show access-list radius port-list | all
    HP Switch# show access-list resources

Displaying or Clearing ACL Statistics (page 149)
    HP Switch# show | clear statistics aclv6 acl-name-str port port-#
    HP Switch# show | clear statistics aclv6 acl-name-str vlan vid in | out | vlan
IPv6 ACL Terminology

Access Control Entry (ACE)
A policy consisting of criteria and an action (permit or deny) to execute on a packet if it meets the criteria. For IPv6 ACEs, the elements composing the criteria include:
• source IPv6 address and prefix length
• destination IPv6 address and prefix length
• either of the following:
  ◦ all IPv6 traffic
  ◦ IPv6 traffic of a specific IPv6 protocol (For TCP, UDP, and ICMP, the criteria can include either a specific sub-type within the protocol or all traffic of the protocol type.)
• option to log packet matches with deny ACEs
• optional use of DSCP (precedence and ToS settings)
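
The following is an added example, not taken from the guide or from HP switch software: a small Python model of the ACE criteria listed above (protocol, source prefix, destination prefix, action, log option) that shows how the implicit deny ipv6 any any at the end of every ACL affects a list containing only deny ACEs. It assumes ACEs are checked in order with the first match deciding, leaves out protocol sub-types and DSCP, and uses constructed addresses; the names Ace, ace and evaluate are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import IPv6Address, IPv6Network


@dataclass(frozen=True)
class Ace:
    action: str        # "permit" or "deny"
    protocol: str      # "ipv6" = all IPv6 traffic, or "tcp" / "udp" / "icmp"
    src: IPv6Network   # source IPv6 address and prefix length
    dst: IPv6Network   # destination IPv6 address and prefix length
    log: bool = False  # option to log packet matches

    def matches(self, proto: str, src: str, dst: str) -> bool:
        return (self.protocol in ("ipv6", proto)
                and IPv6Address(src) in self.src
                and IPv6Address(dst) in self.dst)


def ace(action, protocol, src, dst, log=False):
    """Build an ACE from text prefixes; 'any' stands for ::/0."""
    net = lambda p: IPv6Network("::/0" if p == "any" else p)
    return Ace(action, protocol, net(src), net(dst), log)


def evaluate(acl, proto, src, dst):
    """Return (action, sequence number, log flag) for one packet.

    Assumption: ACEs are checked in order and the first match decides.
    Sequence number None means no explicit ACE matched and the
    implicit 'deny ipv6 any any' applied.
    """
    for seq, entry in enumerate(acl, start=1):
        if entry.matches(proto, src, dst):
            return entry.action, seq, entry.log
    return "deny", None, False


# Constructed sample ACLs (2001:db8::/32 is the documentation prefix).
DENY_ONLY = [ace("deny", "tcp", "2001:db8:0:1::/64", "any", log=True)]
DENY_THEN_PERMIT = DENY_ONLY + [ace("permit", "ipv6", "any", "any")]

if __name__ == "__main__":
    pkt = ("udp", "2001:db8:0:1::10", "2001:db8:0:2::20")
    print(evaluate(DENY_ONLY, *pkt))         # implicit deny
    print(evaluate(DENY_THEN_PERMIT, *pkt))  # explicit permit
```

An ACL that holds only deny ACEs drops all other traffic as well, and a hit on the implicit deny carries no log flag in this model, so such drops would not show up as logged matches.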

Access Control List (ACL)
A list (or set) consisting of one or more explicitly configured Access Control Entries (ACEs) and terminating with an implicit deny ipv6 any any ACE. Each ACE in an