HP 2530 Manual Supplement page 66


Example 21 How an ACL filters packets (VLAN 100)
ipv6 access-list "Test-02"
10 permit ipv6 2001:db8:0:fb::11:42/128 ::/0
20 deny tcp 2001:db8:0:fb::11:101/128 eq 23 ::/0
30 permit ipv6 2001:db8:0:fb::11:101/128 ::/0
40 permit tcp 2001:db8:0:fb::11:33/128 ::/0 eq 23
<Implicit Deny Any Any>
To assign the above ACL, use this command:
HP Switch(config)# vlan 100 ipv6 access-group Test-02 vlan
For example, suppose you want to configure an ACL on the switch (with an ID of "Test-02") to
invoke these policies for IPv6 traffic entering the switch on VLAN 12:
1. Permit inbound IPv6 traffic from 2001:db8:0:fb::11:42.
2. Deny only the inbound Telnet traffic from 2001:db8:0:fb::11:101.
3. Permit inbound IPv6 traffic from 2001:db8:0:fb::11:101.
4. Permit only inbound Telnet traffic from 2001:db8:0:fb::11:33.
5. Deny any other inbound IPv6 traffic.
Updates for the HP Switch Software IPv6 Configuration Guide
Line 10: Permits IPv6 traffic from 2001:db8:0:fb::11:42. Packets matching this criterion are permitted and will not be compared to any later ACE in the list. Packets not matching this criterion will be compared to the next entry in the list.
Line 20: Denies IPv6 Telnet traffic from 2001:db8:0:fb::11:101. Packets matching this criterion are dropped and are not compared to later criteria in the list. Packets not matching this criterion are compared to the next entry in the list.
Line 30: Permits IPv6 traffic from 2001:db8:0:fb::11:101. Packets matching this criterion will be permitted and will not be compared to any later criteria in the list. Because this entry comes after the entry blocking Telnet traffic from this same address, there will not be any Telnet packets to compare with this entry; they have already been dropped as a result of matching the preceding entry.
Line 40: Permits IPv6 Telnet traffic from 2001:db8:0:fb::11:33. Packets matching this criterion are permitted and are not compared to any later criteria in the list. Packets not matching this criterion are compared to the next entry in the list.
"Implicit Deny Any Any": This entry does not appear in an actual ACL, but is implicit as the last entry in every IPv6 ACL. Any IPv6 packets that do not match any of the criteria in the preceding ACL entries are denied (dropped) from the VLAN.
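
The first-match evaluation described above, as an added Python example (not from the HP manual). The `Ace` class, the `evaluate` function and the sample packets are constructed for illustration. The example assumes that an `eq 23` written after the source address matches the TCP source port, and one written after the destination address matches the destination port.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Ace:
    seq: int
    action: str                  # "permit" or "deny"
    proto: str                   # "ipv6" matches any protocol, "tcp" only TCP
    src: str                     # source prefix
    sport: Optional[int] = None  # "eq N" written after the source address (assumed: source port)
    dport: Optional[int] = None  # "eq N" written after the destination address (assumed: dest port)

# ACL "Test-02" as listed in Example 21; the destination is ::/0 in every ACE.
TEST_02 = [
    Ace(10, "permit", "ipv6", "2001:db8:0:fb::11:42/128"),
    Ace(20, "deny",   "tcp",  "2001:db8:0:fb::11:101/128", sport=23),
    Ace(30, "permit", "ipv6", "2001:db8:0:fb::11:101/128"),
    Ace(40, "permit", "tcp",  "2001:db8:0:fb::11:33/128", dport=23),
]

def evaluate(acl, src, proto, sport=None, dport=None):
    """Return (action, seq) of the first matching ACE; seq is None for the implicit deny."""
    addr = ipaddress.IPv6Address(src)
    for ace in sorted(acl, key=lambda a: a.seq):
        if addr not in ipaddress.IPv6Network(ace.src):
            continue
        if ace.proto != "ipv6" and ace.proto != proto:
            continue
        if ace.sport is not None and ace.sport != sport:
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return ace.action, ace.seq   # first match wins; later ACEs are not consulted
    return "deny", None              # implicit "deny any any"

if __name__ == "__main__":
    # Constructed sample packets: (source, protocol, source port, destination port)
    samples = [
        ("2001:db8:0:fb::11:42", "udp", 5000, 53),
        ("2001:db8:0:fb::11:101", "tcp", 23, 40000),
        ("2001:db8:0:fb::11:101", "tcp", 40000, 23),
        ("2001:db8:0:fb::11:101", "tcp", 40000, 443),
        ("2001:db8:0:fb::11:33", "tcp", 40000, 23),
        ("2001:db8:0:fb::11:33", "tcp", 40000, 80),
        ("2001:db8:0:fb::11:7", "tcp", 40000, 23),
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(TEST_02, *pkt))
```

Under that reading of line 20, a Telnet session opened by 2001:db8:0:fb::11:101 (destination port 23, ephemeral source port) is not matched by line 20 and is permitted by line 30. An `eq 23` placed after the destination, as in line 40, is what matches client-initiated Telnet.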
