IPv6 Configuration Guide K/KA/KB.15.15

IPv6 routing:
To activate an IPv6 RACL to screen inbound traffic for routing between subnets, assign the RACL
to the statically configured VLAN on which the traffic enters the switch. Also, ensure that IPv6
routing is enabled. Similarly, to activate an IPv6 RACL to screen routed, outbound traffic, assign
the RACL to the statically configured VLAN on which the traffic exits from the switch.
Inbound traffic having a destination IPv6 address on the routing switch itself is screened by an
IPv6 RACL that is configured to screen inbound traffic, regardless of whether IPv6 routing is enabled.
ACLs do not screen outbound traffic generated by the routing switch itself.
IPv6 ACL operation
An ACL is a list of one or more ACEs, where each ACE consists of matching criteria and an
action (permit or deny). An ACL applies only to the switch in which it is configured. ACLs operate
on assigned interfaces, and offer these traffic filtering options:
- IPv6 traffic inbound on a port.
- IPv6 traffic inbound on a VLAN.
- Routed IPv6 traffic entering or leaving the switch on a VLAN. (ACLs do not screen traffic at
  the internal point where traffic moves between VLANs or subnets within the switch.)
The following table lists the range of interface options:
| Interface | ACL application | Application point | Filter action |
|---|---|---|---|
| Port | Static port ACL (switch configured) | Inbound on the switch port | Inbound IPv6 traffic |
| Port | RADIUS-assigned ACL. This chapter describes ACLs statically configured on the switch. For information on RADIUS-assigned ACLs, see the Access Security Guide for your switch. | Inbound on the switch port used by authenticated client | Inbound IPv6 traffic from the authenticated client |
| VLAN | VACL | Entering the switch on the VLAN | Inbound IPv6 traffic |
| IP routing interface (VLAN or tunnel) | RACL. Supports one inbound and/or one outbound RACL. When both are used, one RACL can be assigned to filter both inbound and outbound, or different RACLs can be assigned to filter inbound and outbound. | Entering the switch on the VLAN | Routed IPv6 traffic entering the switch and IPv6 traffic with a destination on the switch itself |
| IP routing interface (VLAN or tunnel) | RACL | Exiting from the switch on the VLAN | Routed IPv6 traffic exiting from the switch |
NOTE: After you assign an ACL to an interface, the default action on the interface is to implicitly
deny any IPv6 traffic that is not specifically permitted by the ACL. (This applies only in the direction
of traffic flow filtered by the ACL.)
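An added example, not taken from the guide: a small Python model of which traffic an IPv6 RACL screens and how the implicit deny falls out of it. The `Packet` fields, the tuple ACE format and the 2001:db8:: addresses are constructed for illustration, and evaluating ACEs in order with the first match deciding is an assumption.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst: str
    routed: bool = False       # forwarded between subnets by the routing switch
    to_switch: bool = False    # destination address is on the switch itself
    from_switch: bool = False  # generated by the switch itself

def match_acl(acl, pkt):
    """acl is an ordered list of (action, src_prefix, dst_prefix) ACEs.
    Assumption: the first matching ACE decides. No match = implicit deny."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for action, src_net, dst_net in acl:
        if src in ipaddress.ip_network(src_net) and dst in ipaddress.ip_network(dst_net):
            return action
    return "deny"

def racl_verdict(acl, direction, pkt, routing_enabled=True):
    """Result of a RACL assigned to a VLAN for direction "in" or "out"."""
    if acl is None:
        return "not screened"  # nothing assigned in this direction, so no implicit deny
    if direction == "in":
        # Switch-destined traffic is screened even when IPv6 routing is off.
        screened = pkt.to_switch or (pkt.routed and routing_enabled)
    else:
        # Traffic the switch generates itself is never screened outbound.
        screened = pkt.routed and routing_enabled and not pkt.from_switch
    return match_acl(acl, pkt) if screened else "not screened"

# Constructed sample RACL: block one host, let the rest of its subnet reach 2001:db8:20::/64.
RACL = [("deny", "2001:db8:10::66/128", "::/0"),
        ("permit", "2001:db8:10::/64", "2001:db8:20::/64")]

if __name__ == "__main__":
    cases = {
        "routed, permitted": ("in", Packet("2001:db8:10::1", "2001:db8:20::5", routed=True)),
        "routed, blocked host": ("in", Packet("2001:db8:10::66", "2001:db8:20::5", routed=True)),
        "routed, no ACE matches": ("in", Packet("2001:db8:10::1", "2001:db8:30::1", routed=True)),
        "management to switch": ("in", Packet("2001:db8:10::1", "2001:db8:10::fe", to_switch=True)),
        "switch-generated": ("out", Packet("2001:db8:20::fe", "2001:db8:20::5", from_switch=True)),
    }
    for name, (direction, pkt) in cases.items():
        print(f"{name:24} {direction:3} -> {racl_verdict(RACL, direction, pkt)}")
```

The "management to switch" case is denied: an inbound RACL with no ACE for traffic addressed to the switch itself cuts that traffic off through the implicit deny, whether or not IPv6 routing is enabled.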