Example 48 Using copy tftp command-file to configure an ACL in the switch
Switch(config)# copy tftp command-file fe80::1ad:17 acl-001.txt pc
Running configuration may change, do you want to continue[y/n]? y
1. ipv6 access-list "acl-001"
6. ; CREATED ON JUNE 10
10. 10 remark "Telnet Denied Here"
13. 10 deny tcp 2001:db8:0:1af::/64 ::/0 eq 23
16. 30 deny tcp ::/0 ::/0 log
19. 40 deny icmp 2001:db8:0:1af::/64 ::/0 134
22. 50 deny icmp 2001:db8:0:1af::/64 ::/0 133
27. ; PERMITS IPV6 ANY ANY
31. 60 permit ipv6 ::/0 ::/0
34. exit
36. vlan 20 ipv6 access-group acl-001 vlan
NOTE: Blank lines may appear in the command output when you copy the command file
to the switch. However, they are eliminated in the copy of the ACL in switch memory. This is
normal operation. See also Example 49 (page 104) for the configuration resulting from this
output.
4. In this example, the command to assign the ACL to a VLAN was included in the .txt command
file. If this is not done in your applications, the next step is to manually assign the new ACL
to the intended VLAN:
vlan <vid> ipv6 access-group <identifier> vlan
vlan <vid> ipv6 access-group <identifier> in
5. Then use the show run or show access-list config command to inspect the switch
configuration to ensure that the ACL was properly downloaded.
Example 49 Verifying the .txt file download to the switch
HP Switch(config)# show run
. . .
ipv6 access-list "acl-001"
10 remark "Telnet Denied Here"
10 deny tcp ::/0 ::/0 eq 23
30 deny tcp ::/0 ::/0 log
40 deny icmp ::/0 ::/0 134
50 deny icmp ::/0 ::/0 133
60 permit ipv6 ::/0 ::/0
exit
. . .
vlan 20
1
ipv6 access-group "acl-001" vlan
ipv6 access-group "acl-001" in
exit
. . .
1 As a part of the instruction set included in the .txt file, the ACL is assigned to inbound IP traffic on VLAN 20.
NOTE: The comments preceded by " ; " in the .txt source file
for this configuration do not appear in the ACL configured in
the switch.
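The check in step 5, as an added example that is not part of the HP guide: a Python comparison of the ACL in the .txt command file against the ACL in show run output, ignoring the blank lines and " ; " comments that the switch does not store. The function names acl_entries and compare are hypothetical; the sample text is transcribed from Examples 48 and 49, with blank-line positions and indentation constructed.

```python
# Command file as echoed in Example 48 (blank-line positions are constructed).
COMMAND_FILE = """ipv6 access-list "acl-001"

; CREATED ON JUNE 10
10 remark "Telnet Denied Here"
10 deny tcp 2001:db8:0:1af::/64 ::/0 eq 23
30 deny tcp ::/0 ::/0 log
40 deny icmp 2001:db8:0:1af::/64 ::/0 134
50 deny icmp 2001:db8:0:1af::/64 ::/0 133
; PERMITS IPV6 ANY ANY
60 permit ipv6 ::/0 ::/0
exit
"""

# ACL portion of the show run listing in Example 49 (indentation is constructed).
SHOW_RUN = """ipv6 access-list "acl-001"
   10 remark "Telnet Denied Here"
   10 deny tcp ::/0 ::/0 eq 23
   30 deny tcp ::/0 ::/0 log
   40 deny icmp ::/0 ::/0 134
   50 deny icmp ::/0 ::/0 133
   60 permit ipv6 ::/0 ::/0
   exit
"""

def acl_entries(text, name):
    """Map (sequence, kind) -> entry text for one ACL, skipping blanks and ';' comments."""
    entries, inside = {}, False
    for raw in text.splitlines():
        line = " ".join(raw.split())          # normalise indentation and spacing
        if not line or line.startswith(";"):  # not kept in switch memory
            continue
        if line.replace('"', "") == "ipv6 access-list " + name:
            inside = True
        elif inside and line == "exit":
            break
        elif inside:
            seq, _, rest = line.partition(" ")
            kind = "remark" if rest.startswith("remark") else "ace"
            entries[(int(seq), kind)] = rest  # a remark shares its ACE's sequence number
    return entries

def compare(command_file, running_config, name):
    """Return [(sequence, in_file, on_switch)] for every entry that differs."""
    want, have = acl_entries(command_file, name), acl_entries(running_config, name)
    keys = sorted(set(want) | set(have))
    return [(k[0], want.get(k), have.get(k)) for k in keys if want.get(k) != have.get(k)]
```

Run against the two listings as printed, compare() reports sequence numbers 10, 40 and 50, where the source prefix 2001:db8:0:1af::/64 in Example 48 appears as ::/0 in Example 49.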
104 Updates for the HP Switch Software IPv6 Configuration Guide