IPv6 Configuration Guide K/KA/KB.15.15

Example 88 Enabling ACL logging on the switch
Suppose that you want to configure the following on a switch receiving IPv6 traffic and configured
for IPv4 routing:
- For port B1 on VLAN 10, configure an IPv6 ACL with an ACL-ID of "NO-TELNET" and use the
  PACL in option to deny Telnet traffic entering the switch from IP address FE80::10:3.
- Configure the switch to send an ACL log message to the current console session and to a
  syslog server at 10.10.50.173 on VLAN 50 if the switch detects a packet match denying a
  Telnet attempt from FE80::10:3.
Figure 8 Example of an ACL log application
[Figure not reproduced. Labels: Switch, Port, Console RS-232, Syslog, VLAN 10, VLAN 20, VLAN 50, FE80::10:1, FE80::10:3, 10.10.20.1, 10.10.50.1. Annotation: Apply the ACL "NO TELNET" as a PACL on port B1 to deny Telnet access to inbound Telnet traffic from FE80::10:3.]
Example 89 Commands for applying an ACL with logging
HP Switch(config)# ipv6 access-list NO-TELNET
HP Switch(config-ipv6-acl)# remark "deny fe80::10:3 Telnet traffic."
HP Switch(config-ipv6-acl)# deny tcp host fe80::10:3 any eq telnet log
HP Switch(config-ipv6-acl)# permit ipv6 any any
HP Switch(config-ipv6-acl)# exit
HP Switch(config)# vlan 10 ipv6 access-group NO-TELNET vlan
HP Switch(config)# logging 10.10.50.173
HP Switch(config)# logging facility syslog
HP Switch(config)# debug destination logging
HP Switch(config)# debug destination session
HP Switch(config)# debug acl
HP Switch(config)# write mem
HP Switch(config)# show debug
 Debug Logging
  Destination:
   Logging --
     10.10.50.173
     Facility = syslog
     Severity = debug
     System Module = all-pass
     Priority Desc =
   Session
  Enabled debug types:
   event
   acl log
HP Switch(config)# show access-list NO-TELNET config
146 IPv6 Access Control Lists (ACLs)
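
ACL logging only reaches the syslog server when every piece of Example 89 is present, so the following added example (not part of the HP guide) audits a block of typed commands for a deny ACE that lacks the log keyword and for missing logging or debug commands. The function name, the REQUIRED list and the input format (one command per line, prompt stripped, ACL context closed by exit) are assumptions made for this illustration.

```python
import re

# Commands Example 89 enters for the syslog path, besides the ACL itself.
REQUIRED = ("logging <server>", "debug destination logging", "debug acl")

# Constructed input: the Example 89 commands with the prompt stripped.
EXAMPLE_89 = """\
ipv6 access-list NO-TELNET
remark "deny fe80::10:3 Telnet traffic."
deny tcp host fe80::10:3 any eq telnet log
permit ipv6 any any
exit
vlan 10 ipv6 access-group NO-TELNET vlan
logging 10.10.50.173
logging facility syslog
debug destination logging
debug destination session
debug acl
"""

def audit_acl_logging(commands):
    """Return a list of findings for a block of typed commands."""
    findings, seen, acl = [], set(), None
    for raw in commands.splitlines():
        line = " ".join(raw.split())      # normalise whitespace
        low = line.lower()
        m = re.match(r"ipv6 access-list (\S+)$", line, re.I)
        if m:
            acl = m.group(1)              # entering the named ACL context
        elif acl and low == "exit":
            acl = None                    # leaving the ACL context
        elif acl:
            # Inside an ACL: report a deny ACE that does not end in 'log'.
            if low.startswith("deny ") and not low.endswith(" log"):
                findings.append(f"{acl}: deny ACE without log: {line}")
        elif re.match(r"logging (?=\S*[.:])[0-9a-f:.]+$", low):
            seen.add("logging <server>")  # a syslog destination address
        elif low in REQUIRED:
            seen.add(low)
    findings += [f"missing: {r}" for r in REQUIRED if r not in seen]
    return findings

if __name__ == "__main__":
    # Constructed faulty variant: 'log' dropped from the ACE, 'debug acl' omitted.
    broken = EXAMPLE_89.replace(" telnet log", " telnet").replace("debug acl\n", "")
    for label, text in (("Example 89", EXAMPLE_89), ("faulty variant", broken)):
        print(label, "->", audit_acl_logging(text) or "OK")
```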