Table of Contents
Advertisement
IPv4 Access Control Lists (ACLs)
Enable ACL "Deny" Logging
Note
10-122
IPv6 Counter Operation with Multiple Interface Assignments
The examples of counters in this section use small values to help illustrate
counter operation. The counters in real-time network applications are gener-
ally much more active and show higher values.
Where the same IPv6 ACL is assigned to multiple interfaces, the switch
maintains a separate instance of each ACE counter in the ACL. When there is
a match with traffic on one of the ACL's assigned interfaces, only the affected
ACE counters for that interface are incremented. Other instances of the same
ACL applied to other interfaces are not affected.
For example, suppose that:
■
An ACL named "V6-01" is configured as shown in figure 10-50 to block
Telnet access to a workstation at FE80::20:2, which is connected to a
port belonging to VLAN 20.
■
The ACL is assigned as a PACL (port ACL) on port B2, which is also
a member of VLAN 20:
HP Switch(config)# show access-list config
ipv6 access-list "V6-01"
10 permit icmp ::/0 fe80::20:2/128 128
20 deny tcp ::/0 fe80::20:2/128 eq 23 log
30 permit ipv6 ::/0 ::/0
exit
HP Switch(config)# int b2 ipv access-group V6-01 in
Figure 10-50. ACL "V6-01" and Command for PACL Assignment on Port 2
FE80::20:2
Figure 10-51. Application to Filter Traffic Inbound on Port B2
5400zl Switch
VLAN 20
Port
B2
FE80::20:1
ACL "V6-01" assigned as
a PACL on port B2.
Assigns the ACL to port 2.
FE80::20:117
Hide quick links:
Advertisement
Table of Contents
