Using CIDR Notation to Enter the IPv6 ACL Prefix Length; Configuration Commands; Configuring ACLs - HP 2530 Manual Supplement

Duplicate sequence numbering for ACEs is not allowed in the same ACL. Entering a duplicate ACE
displays the message: Duplicate sequence number.

Using CIDR notation to enter the IPv6 ACL prefix length

CIDR (classless inter-domain routing) notation is used to specify ACL prefix lengths. The switch
compares the address bits specified by a prefix length for an SA or DA in an ACE with the
corresponding address bits in a packet filtered by the ACE. If the designated bits in the ACE and
in the packet have identical settings, the addresses match. (The examples show bit counts subtracted
from 128 for wildcard remainders.)
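
The prefix-length comparison described above, as an added Python example (not part of the manual and not HP's code), run against the four Table 16 entries. The function names and the packet addresses are constructed for illustration; the last entry in the loop, a host address entered with /64, is also constructed and shows that bits beyond the prefix length are never compared, which follows from the comparison the manual describes.

```python
import ipaddress

ADDR_BITS = 128  # width of an IPv6 address


def split_ace_addr(ace_addr):
    """Split 'addr/prefix-length' into (address as int, prefix length)."""
    addr_text, sep, plen_text = ace_addr.partition("/")
    if not sep:
        raise ValueError("expected addr/prefix-length, got %r" % ace_addr)
    prefix_len = int(plen_text)
    if not 0 <= prefix_len <= ADDR_BITS:
        raise ValueError("prefix length out of range: %d" % prefix_len)
    return int(ipaddress.IPv6Address(addr_text)), prefix_len


def wildcard_bits(ace_addr):
    """Number of rightmost bits that are not compared (128 - prefix length)."""
    return ADDR_BITS - split_ace_addr(ace_addr)[1]


def ace_matches(ace_addr, packet_addr):
    """True if the leftmost prefix-length bits of both addresses are identical."""
    ace_int, prefix_len = split_ace_addr(ace_addr)
    pkt_int = int(ipaddress.IPv6Address(packet_addr))
    shift = ADDR_BITS - prefix_len  # drop the wildcard bits from both sides
    return (ace_int >> shift) == (pkt_int >> shift)


def matched_packets(ace_addr, packet_addrs):
    """Subset of packet_addrs that an SA or DA entry would match."""
    return [p for p in packet_addrs if ace_matches(ace_addr, p)]


# Constructed packet addresses, chosen to sit just inside and outside each prefix.
SAMPLE_PACKETS = [
    "2620:0:a03:e102:215:60ff:fe7a:adc0",
    "2620:0:a03:e102:215:60ff:fe7a:adc1",
    "2620:0:a03:e102:216::1",
    "2620:0:a03:e103::1",
    "2001:db8:a03:e102:0:ab4:100:beef",
    "2001:db8:a03:e102:0:ab4:101:0",
]

if __name__ == "__main__":
    for ace in ("2620:0:a03:e102::/64", "2620:0:a03:e102:215::/80",
                "2620:0:a03:e102:215:60ff:fe7a:adc0/128",
                "2001:db8:a03:e102:0:ab4:100::/112",
                # Constructed: host address typed with /64, low 64 bits ignored.
                "2620:0:a03:e102:215:60ff:fe7a:adc0/64"):
        print(ace, wildcard_bits(ace), matched_packets(ace, SAMPLE_PACKETS))
```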
Table 16 Examples of CIDR notation for prefix lengths

| SA or DA used in an ACL with CIDR notation | Resulting prefix length defining an address match | Meaning |
|---|---|---|
| 2620:0:a03:e102::/64 | 2620:0:a03:e102 | The leftmost 64 bits must match. The remaining 64 bits are wildcards. |
| 2620:0:a03:e102:215::/80 | 2620:0:a03:e102:215 | The leftmost 80 bits must match. The remaining 48 bits are wildcards. |
| 2620:0:a03:e102:215:60ff:fe7a:adc0/128 | 2620:0:a03:e102:215:60ff:fe7a:adc0 | All 128 bits must match. This specifies a single host address. |
| 2001:db8:a03:e102:0:ab4:100::/112 | 2001:db8:a03:e102:0:ab4:100 | The leftmost 112 bits must match. The remaining 16 bits are wildcards. |

Configuration commands

Configuring ACLs

Task: Creating, entering and configuring an ACL (page 81)
Example:
    HP Switch(config)# ipv6 access-list <name-str>
    HP Switch(config-ipv6-acl)# <deny | permit>
        <ipv6 | esp | ah | sctp | ipv6-protocol-nbr>
            <any | host <SA> | SA/<prefix-length>>
            <any | host <DA> | DA/<prefix-length>>
        <tcp | udp>
            <any | host <SA> | SA/<prefix-length>>
            [ comparison-operator <value> ]
            <any | host <DA> | DA/<prefix-length>>
            [ comparison-operator <value> ]
            [established]¹
            [ack] [fin] [rst] [syn]²
        <icmp>
            <any | host <SA> | SA/<prefix-length>>
            <any | host <DA> | DA/<prefix-length>>
        [log]³

Task: Inserting an ACE in an existing ACL with a sequence number (page 88)
Example:
    HP Switch(config)# ipv6 access-list <name-str>
    HP Switch(config-ipv6-acl)# <seq-#> < deny | permit >

Updates for the HP Switch Software IPv6 Configuration Guide
