IPv6 Configuration Guide K/KA/KB.15.15

IPv6 ACL includes layer-3 IPv6 source and destination criteria and IPv6 protocol-specific
criteria. IPv6 ACLs can be applied in any of the following ways:
RACL
An ACL assigned to filter routed IPv6 traffic entering or leaving the switch on a
VLAN or tunnel. (Separate assignments are required for inbound and outbound
IPv6 traffic.)
VACL
An ACL assigned to filter inbound IPv6 traffic on a specific VLAN configured on
the switch.
Static Port ACL
An ACL assigned to filter inbound IPv6 traffic on a specific switch port.
RADIUS-assigned ACL
Dynamic ACL assigned to a port by a RADIUS server to filter inbound IPv4 and
IPv6 traffic from an authenticated client on that port. See the chapter titled
“Configuring RADIUS Server Support for Switch Services” in the latest Access
Security Guide for your switch.
Static ACLs are configured in switch memory with an alphanumeric name, and can be
assigned to an IP routing interface as an RACL or VACL (or both), and to a port list (or
static trunk). (RADIUS-assigned ACLs are configured on a RADIUS server, and are
identified by the associated client credentials instead of an alphanumeric name.)
ACE
See Access Control Entry (ACE).
ACL
See Access Control List (ACL).
ACL ID
An alphanumeric string used to identify an ACL. See also identifier and name-str.
NOTE: RADIUS-assigned ACLs are identified by client authentication data and do
not use the ACL ID strings described in this chapter.
ACL Prefix
Follows any IPv6 address listed in an IPv6 ACE. Analogous to the ACL mask used with
IPv4 ACEs. Specifies the number of leftmost, contiguous bits in a packet’s corresponding
IPv6 addressing that must exactly match the IPv6 addressing in the ACE, and which
bits need not match (wildcards). See “How an ACE uses a prefix to screen packets for
SA and DA matches” (page 107).
Address Family
Used in this manual to refer to the version of the IP protocol running on the switch: IPv4
and IPv6.
CIDR
The acronym for Classless Inter-Domain Routing. In IPv6 ACEs, CIDR notation is used
to specify the prefix length for SA and DA address criteria. For example, the length of
the following prefix includes the first 48 bits of an address: 2001:db8:101::/48
DA
The acronym for Destination Address. In an IPv6 packet, this is the destination IPv6
address carried in the header, and identifies the packet’s destination. This is the second
of two IPv6 addresses used in an ACE to determine whether there is a match between
an IPv6 packet and the ACE.
See also SA.
Deny
An ACE configured with this action causes the switch to drop an IPv6 packet for which
there is a match within an applicable ACL.
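As an added illustration of the ACL Prefix, CIDR, SA, DA and Deny entries above (not code from this guide or from the switch software), the Python sketch below compares only the leftmost prefix-length bits of a packet's SA and DA against each ACE. The names `prefix_match`, `Ace`, `evaluate` and `SAMPLE_ACL`, the constructed sample addresses, and the first-match evaluation order are assumptions of the example.

```python
import ipaddress
from dataclasses import dataclass


def prefix_match(pkt_addr: str, ace_addr: str, prefix_len: int) -> bool:
    """True when the leftmost prefix_len bits of both addresses are equal."""
    if not 0 <= prefix_len <= 128:
        raise ValueError("IPv6 prefix length must be between 0 and 128")
    # prefix_len leading 1-bits must match; the trailing 0-bits are wildcards.
    mask = ((1 << prefix_len) - 1) << (128 - prefix_len)
    pkt = int(ipaddress.IPv6Address(pkt_addr))
    ace = int(ipaddress.IPv6Address(ace_addr))
    return (pkt & mask) == (ace & mask)


@dataclass(frozen=True)
class Ace:
    action: str  # "permit" or "deny"
    sa: str      # source address criterion in CIDR notation
    da: str      # destination address criterion in CIDR notation

    def matches(self, pkt_sa: str, pkt_da: str) -> bool:
        # An ACE matches only when both the SA and the DA criteria match.
        for pkt_addr, criterion in ((pkt_sa, self.sa), (pkt_da, self.da)):
            ace_addr, _, length = criterion.partition("/")
            if not prefix_match(pkt_addr, ace_addr, int(length)):
                return False
        return True


def evaluate(acl, pkt_sa: str, pkt_da: str):
    """Return the action of the first matching ACE, or None if none match.

    First-match ordering is an assumption of this sketch.
    """
    for ace in acl:
        if ace.matches(pkt_sa, pkt_da):
            return ace.action
    return None


# Constructed sample ACL using documentation-range (2001:db8::/32) addresses.
SAMPLE_ACL = [
    Ace("deny", "2001:db8:101::/48", "2001:db8:200::10/128"),
    Ace("permit", "2001:db8:101::/48", "::/0"),
]
```

A `/128` criterion matches one host exactly, while `::/0` wildcards every bit, so auditing an ACL with a helper like this shows which entry a given SA/DA pair would hit.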
90 IPv6 Access Control Lists (ACLs)