KB.15.15

Example 104 IPv6 counter operation with multiple interface assignments

Suppose that:

• An ACL named "V6-01" is configured as shown in Example 105 (page 159)

to block Telnet access to a workstation at FE80::20:2, which is connected to

a port belonging to VLAN 20.

• The ACL is assigned as a PACL (port ACL) on port 2, which is also a member

of VLAN 20:

Example 105 ACL "V6-01" and command for PACL assignment on port 2

HP Switch(config)# show access-list V6-01 config

ipv6 access-list "V6-01"

10 permit icmp ::/0 fe80::20:2/128 128

20 deny tcp ::/0 fe80::20:2/128 eq 23 log

30 permit ipv6 ::/0 ::/0

exit

HP Switch(config)# int b2 ipv access-group V6-01 in

Assigns the ACL to port 2

Figure 11 Application to filter traffic inbound on port B2

FE80::20:2

ACL "V6-01" assigned

as a PACL on port B2.

VLAN 20

FE80::20:1

5400zl Switch

FE80::20:117

Port

Using the topology in Figure 11 (page 159), a workstation at FE80::20:117 on port B2 attempting

to ping and Telnet to the workstation at FE80::20:2 is filtered through the PACL instance of the

"V6-01" ACL assigned to port B2, resulting in the following:

IPv6 counter operation with multiple interface assignments 159