Every standard ACL includes an implied "deny any" as the last entry, and every extended
ACL includes an implied "deny IP any any" as the last entry. The switch applies this action to
any packets that do not match other criteria in the ACL.
In any ACL, you can apply an ACL log function to ACEs that have a "deny" action. Logging
occurs when there is a match on a "deny" ACE. (The switch sends ACL logging output to
Syslog and, optionally, to a console session.)
Standard and Extended ACL features cannot be combined in one ACL.
You can configure ACLs using either the CLI or a text editor. HP recommends that you use the
text-editor method when you plan to create or modify an ACL that has more entries than you can
easily enter or edit using the CLI. See "Creating or editing an ACL offline" (page 102).

IPv6 applications

For RADIUS ACL applications, the switch operates in dual-stack mode, and a RADIUS-assigned
ACL filters both IPv4 and IPv6 traffic. At minimum, a RADIUS-assigned ACL automatically
includes an implicit deny for both IPv4 and IPv6 traffic. Thus, an ACL configured on a RADIUS
server to filter IPv4 traffic also denies inbound IPv6 traffic from an authenticated client unless
the ACL includes ACEs that permit the desired IPv6 traffic. The reverse occurs for a dynamic
ACL configured on a RADIUS server to filter IPv6 traffic. (ACLs are based on the MAC address
of the authenticating client.) See the chapter "Configuring RADIUS Server Support for Switch
Services" in the latest HP Switch Software Access Security Guide for your switch.
To support authentication of IPv6 clients:
The VLAN to which the port belongs must be configured with an IPv6 address.
Connection to an IPv6-capable RADIUS server must be supported.
For 802.1X or MAC authentication methods, clients can authenticate regardless of their IP
version (IPv4 or IPv6).
For the web authentication method, clients must authenticate using IPv4. This does not prevent
the client from using a dual stack, nor does it prevent the port from receiving a
RADIUS-assigned ACL configured with ACEs that filter IPv6 traffic.
The RADIUS server must support IPv4 and have an IPv4 address.
RADIUS clients can be dual stack, IPv6-only, or IPv4-only.
802.1X rules for client access apply to both IPv6 and IPv4 clients for RADIUS-assigned ACLs.
62
Updates for the HP Switch Software IPv6 Configuration Guide
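
The dual-stack implicit deny described under "IPv6 applications" can be checked before an ACL is placed on the RADIUS server. The following Python model is an added example, not HP code or switch syntax: it applies first-match evaluation with a per-family implicit deny, and the ACE tuples, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed ACEs (assumed format, not switch syntax):
# (action, destination network, protocol, destination port or None for any port)
IPV4_ONLY_ACL = [
    ("permit", "10.10.10.0/24", "tcp", 443),
    ("deny",   "10.0.0.0/8",    "ip",  None),
    ("permit", "0.0.0.0/0",     "ip",  None),
]
DUAL_STACK_ACL = IPV4_ONLY_ACL + [
    ("permit", "2001:db8:10::/48", "tcp", 443),
]

def evaluate(acl, dst, proto, port=None):
    """Return (action, reason) for one inbound packet, first match wins."""
    addr = ipaddress.ip_address(dst)
    for index, (action, net, ace_proto, ace_port) in enumerate(acl, start=1):
        network = ipaddress.ip_network(net)
        if network.version != addr.version:
            continue  # an IPv4 ACE never matches an IPv6 packet, and vice versa
        if addr not in network:
            continue
        if ace_proto != "ip" and ace_proto != proto:
            continue
        if ace_port is not None and ace_port != port:
            continue
        return action, f"ACE {index}"
    # No ACE matched: the implied last entry for this address family applies.
    return "deny", f"implicit deny (IPv{addr.version})"

def families_without_permit(acl):
    """List IP versions that have no permit ACE and are therefore fully blocked."""
    permitted = {ipaddress.ip_network(net).version
                 for action, net, _, _ in acl if action == "permit"}
    return sorted({4, 6} - permitted)

if __name__ == "__main__":
    for name, acl in (("IPv4-only", IPV4_ONLY_ACL), ("dual-stack", DUAL_STACK_ACL)):
        print(name, "families with no permit ACE:", families_without_permit(acl))
        print(" ", evaluate(acl, "2001:db8:10::5", "tcp", 443))
```

A non-empty result from `families_without_permit` flags an ACL that will block all traffic of that IP version from the authenticated client, which is the case the section describes for an ACL written only with IPv4 ACEs.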
