HP 2530 Manual Supplement page 67

The following ACL model, when assigned to inbound traffic on an interface, supports the above
case:
Example 22 How an ACL filters packets (VLAN 12)
ipv6 access-list "Test-02"
10 permit ipv6 2001:db8:0:fb::11:42/128 ::/0
20 deny tcp 2001:db8:0:fb::11:101/128 eq 23 ::/0
30 permit ipv6 2001:db8:0:fb::11:101/128 ::/0
40 permit tcp 2001:db8:0:fb::11:33/128 ::/0 eq 23
<Implicit Deny Any Any>
exit
HP Switch(config)# vlan 12 ipv6 access-group Test-02 in
How the switch processes the entries of Test-02, in order, for each inbound packet on VLAN 12:

Line 10: Permits IPv6 traffic (any protocol) from source address 2001:db8:0:fb::11:42. Packets matching this criterion are permitted and are not compared to any later ACE in the list. Packets not matching this criterion are compared to the next entry in the list.

Line 20: Denies TCP traffic from source address 2001:db8:0:fb::11:101 whose source port is 23 (Telnet). Packets matching this criterion are dropped and are not compared to later criteria in the list. Packets not matching this criterion are compared to the next entry in the list. Note where the "eq 23" qualifier sits: it follows the source address, so this ACE matches packets sent from TCP port 23 on that host (the traffic of a Telnet server running there), not Telnet sessions that the host opens to other servers; compare line 40, where "eq 23" follows the destination address.

Line 30: Permits IPv6 traffic (any protocol) from source address 2001:db8:0:fb::11:101. Packets matching this criterion are permitted and are not compared to any later criteria in the list. Because this entry comes after the entry blocking Telnet traffic from this same address, no packet that matched line 20 reaches this entry; those packets have already been dropped.

Line 40: Permits TCP traffic from source address 2001:db8:0:fb::11:33 to destination port 23 (Telnet) on any destination. Packets matching this criterion are permitted and are not compared to any later criteria in the list. Packets not matching this criterion are compared to the next entry in the list.

"Implicit Deny Any Any": This entry does not appear in an actual ACL listing, but is implicit as the last entry in every IPv6 ACL. Any packet that does not match any of the criteria in the preceding ACL entries is denied (dropped) and does not cross VLAN 12.

ACLs configurable on the switch include an implicit deny ipv6 any any. Thus, IPv6 packets that the ACL does not explicitly permit or deny are implicitly denied and dropped instead of being forwarded on the interface. To preempt the implicit deny so that packets not explicitly denied by other ACEs in the ACL are permitted, insert an explicit permit ipv6 any any as the last ACE in the ACL. This permits any packet not explicitly denied by earlier entries to pass.
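The first-match behaviour described above can be checked offline with a small simulator. The following Python is an added example, not code from the HP manual or from the switch: it parses the four ACEs of Test-02 exactly as listed on the page, applies them in sequence to a handful of constructed packets, and reports which line decided each packet, with None standing for the implicit deny. The ACE parser, the Packet type, the sample packets and the destination address 2001:db8::1 are all assumptions made for illustration; the switch's own matching is emulated only for protocol, source and destination prefix, and the "eq" port qualifiers shown in the example.

```python
# Added example (not part of the HP manual): a first-match simulator for the
# IPv6 ACL "Test-02" shown on this page. The ACE parser, the Packet type and all
# sample packets below are constructed for illustration.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str                      # source IPv6 address
    dst: str                      # destination IPv6 address
    proto: str                    # "tcp", "udp", "icmpv6", ...
    sport: Optional[int] = None   # transport source port, if any
    dport: Optional[int] = None   # transport destination port, if any


@dataclass(frozen=True)
class Ace:
    seq: int
    action: str                   # "permit" or "deny"
    proto: str                    # "ipv6" matches every protocol
    src: ipaddress.IPv6Network
    sport: Optional[int]          # "eq N" written after the source address
    dst: ipaddress.IPv6Network
    dport: Optional[int]          # "eq N" written after the destination address


def parse_ace(line: str) -> Ace:
    """Parse one ACE in the form used on the page:
    SEQ ACTION PROTO SRC/LEN [eq PORT] DST/LEN [eq PORT]"""
    tokens = line.split()
    seq, action, proto = int(tokens[0]), tokens[1], tokens[2]

    def addr_then_port(toks):
        # An address, optionally followed by "eq PORT" qualifying that address.
        net = ipaddress.IPv6Network(toks[0], strict=False)
        toks = toks[1:]
        port = None
        if toks and toks[0] == "eq":
            port, toks = int(toks[1]), toks[2:]
        return net, port, toks

    src, sport, rest = addr_then_port(tokens[3:])
    dst, dport, rest = addr_then_port(rest)
    if rest:
        raise ValueError(f"unparsed tokens in ACE {seq}: {rest}")
    return Ace(seq, action, proto, src, sport, dst, dport)


def matches(ace: Ace, pkt: Packet) -> bool:
    """Every qualifier present in the ACE must match; absent ones are wildcards."""
    if ace.proto != "ipv6" and ace.proto != pkt.proto:
        return False
    if ipaddress.IPv6Address(pkt.src) not in ace.src:
        return False
    if ipaddress.IPv6Address(pkt.dst) not in ace.dst:
        return False
    if ace.sport is not None and pkt.sport != ace.sport:
        return False
    if ace.dport is not None and pkt.dport != ace.dport:
        return False
    return True


def evaluate(acl: List[Ace], pkt: Packet) -> Tuple[str, Optional[int]]:
    """The first matching ACE decides; no match falls through to the implicit
    'deny ipv6 any any', reported here with sequence number None."""
    for ace in acl:
        if matches(ace, pkt):
            return ace.action, ace.seq
    return "deny", None


# The ACL from Example 22, exactly as listed on the page.
TEST_02 = [parse_ace(l) for l in (
    "10 permit ipv6 2001:db8:0:fb::11:42/128 ::/0",
    "20 deny tcp 2001:db8:0:fb::11:101/128 eq 23 ::/0",
    "30 permit ipv6 2001:db8:0:fb::11:101/128 ::/0",
    "40 permit tcp 2001:db8:0:fb::11:33/128 ::/0 eq 23",
)]
# The same ACL with the explicit "permit ipv6 any any" that preempts the implicit deny.
TEST_02_OPEN = TEST_02 + [parse_ace("50 permit ipv6 ::/0 ::/0")]

# Constructed sample packets; the destination 2001:db8::1 is arbitrary.
SAMPLES = {
    "telnet reply from ::11:101":  Packet("2001:db8:0:fb::11:101", "2001:db8::1", "tcp", 23, 51000),
    "telnet client from ::11:101": Packet("2001:db8:0:fb::11:101", "2001:db8::1", "tcp", 51000, 23),
    "telnet client from ::11:33":  Packet("2001:db8:0:fb::11:33", "2001:db8::1", "tcp", 51000, 23),
    "ssh client from ::11:33":     Packet("2001:db8:0:fb::11:33", "2001:db8::1", "tcp", 51000, 22),
    "ping from ::11:42":           Packet("2001:db8:0:fb::11:42", "2001:db8::1", "icmpv6"),
}


def trace(acl: List[Ace]) -> dict:
    """Return {sample name: (action, deciding seq)} for every sample packet."""
    return {name: evaluate(acl, pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, (action, seq) in trace(TEST_02).items():
        print(f"{name:28s} -> {action} (line {seq if seq else 'implicit deny'})")
```

Running the script shows the two points the page makes about ordering: a packet from 2001:db8:0:fb::11:101 with source port 23 is dropped at line 20 and never reaches line 30, while a Telnet session that the same host opens to another server (destination port 23, ephemeral source port) slips past line 20 and is permitted by line 30; and an SSH connection from ::11:33 matches nothing and falls to the implicit deny under Test-02, but is permitted by the added line 50 in the TEST_02_OPEN variant.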
ACL operation