IPv6 Configuration Guide K/KA/KB.15.15

Example 60 VACL filter applications on IPv6 traffic
In Figure 4 (page 95), you would assign a VACL to VLAN 2 to filter all inbound switched or routed
IPv6 traffic received from clients on the 2001:db8:0:222:: network. In this instance, routed IPv6
traffic received on VLAN 2 from VLANs 1 or 3 would not be filtered by the VACL on VLAN 2.
Figure 4 Example of VACL filter applications on IPv6 traffic entering the switch
NOTE: The switch allows one IPv6 VACL assignment configured per VLAN. This is in addition
to any other IPv6 ACL applications assigned to the IP routing interface or to ports in the VLAN.
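The VACL assignment described above could be entered as follows. This is an added example, not a listing from this guide: the ACL name "VACL-VLAN2", the /64 prefix length, and the individual ACEs are assumptions made for illustration. Only VLAN 2 and the 2001:db8:0:222:: network come from the text.

```text
; Added example. ACL name, prefix length and ACEs are constructed.
ipv6 access-list "VACL-VLAN2"
   ; Block Telnet from VLAN 2 clients and log matches.
   10 deny tcp 2001:db8:0:222::/64 any eq 23 log
   ; Permit other IPv6 traffic sourced from the VLAN 2 client network.
   20 permit ipv6 2001:db8:0:222::/64 any
   ; Explicit final deny so that traffic from any other source is logged.
   30 deny ipv6 any any log
   exit
; Assign the ACL as a VACL: it filters IPv6 traffic entering the switch on
; VLAN 2, whether that traffic is then switched or routed.
vlan 2 ipv6 access-group "VACL-VLAN2" vlan
```

After applying the configuration, `show access-list vlan 2` lists the ACL assigned to the VLAN.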
IPv6 static port ACL applications
An IPv6 static port ACL filters IPv6 traffic inbound on the designated ports, regardless of whether
the traffic is switched or routed.
RADIUS-assigned (dynamic) port ACL applications
NOTE: Beginning with software release K.14.01, IPv6 support is available for RADIUS-assigned
port ACLs configured to filter inbound IPv4 and IPv6 traffic from an authenticated client. Also, the
implicit deny in RADIUS-assigned ACLs applies to both IPv4 and IPv6 traffic inbound from the client.
For information on enabling RADIUS-assigned ACLs, see chapter "Configuring RADIUS Support
for Switch Services" in this guide.
Dynamic (RADIUS-assigned) port ACLs are configured on RADIUS servers and can be configured
to filter IPv4 and IPv6 traffic inbound from clients authenticated by such servers. For example, in
Figure 4 (page 95), client "A" connects to a given port and is authenticated by a RADIUS server.
Because the server is configured to assign a dynamic ACL to the port, the IPv4 and IPv6 traffic
inbound on the port from client "A" is filtered. See also “Operating notes for IPv6 applications”
(page 96).
Effect of RADIUS-assigned ACLs when multiple clients are using the same port
Some network configurations may allow multiple clients to authenticate through a single port where
a RADIUS server assigns a separate, RADIUS-assigned ACL in response to each client's
authentication on that port. In such cases, a given client's inbound traffic is allowed only if the
Overview 95