Example 25 General structure options for an IPv6 ACL
ipv6 access-list <identifier>
   [seq-#]
   [remark <remark-str>]
   <permit|deny>
      0 - 255
      esp
      ah
      sctp
      icmp
         <SA> [operator <value>]
         <DA> [operator <value>] [type[code]|icmp-msg] [dscp <codepoint|precedence>]
      ipv6
      tcp
         <SA> [operator <value>]
         <DA> [operator <value>]
         [dscp <codepoint|precedence>]
         [established]
         [ack|fin|rst|syn]
      udp
         <SA> [operator <value>]
         <DA> [operator <value>] [dscp <codepoint|precedence>]
   [log] (Allowed only with “deny” ACEs.)
   . . .
   <Implicit Deny Any Any>
   exit
The ACL configuration (Example 26 (page 76)) filters traffic for individual hosts in some cases and
all hosts in others; Table 14 (page 76) explains details of the configuration by line number.
Example 26 Displayed ACL configuration
HP Switch# show run
.
.
.
ipv6 access-list "Sample-List-1"
   10 permit ipv6 2001:db8:0:130::55/128 2001:db8:0:130::240/128
   20 permit tcp ::/0 ::/0 eq 23
   30 remark "ALLOWS HTTP FROM SINGLE HOST."
   30 permit tcp 2001:db8:0:140::14/128 eq 80 ::/0 eq 3871
   40 remark "DENIES HTTP FROM ANY TO ANY."
   40 deny tcp ::/0 ::/0 eq 80 log
   50 deny udp 2001:db8:0:150::44/128 eq 69 2001:db8:0:120::19/128
      range 3680 3690 log
   60 deny udp ::/0 2001:db8:0:150::121/128 log
   70 permit ipv6 2001:db8:0:01::/56 ::/0
   exit
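The order-dependent behavior of "Sample-List-1" can be checked offline. The Python sketch below is an added example, not code from the HP guide or the switch software: it parses the ACEs of Example 26 and returns the first entry that matches a packet, falling through to the implicit deny. The names parse_acl and evaluate are hypothetical, only the eq and range operators used in Example 26 are handled, and first-match evaluation with prefix bits beyond the mask length ignored is assumed.

```python
import ipaddress

# ACEs copied from Example 26 (the wrapped ACE 50 is joined onto one line).
SAMPLE_LIST_1 = """\
10 permit ipv6 2001:db8:0:130::55/128 2001:db8:0:130::240/128
20 permit tcp ::/0 ::/0 eq 23
30 remark "ALLOWS HTTP FROM SINGLE HOST."
30 permit tcp 2001:db8:0:140::14/128 eq 80 ::/0 eq 3871
40 remark "DENIES HTTP FROM ANY TO ANY."
40 deny tcp ::/0 ::/0 eq 80 log
50 deny udp 2001:db8:0:150::44/128 eq 69 2001:db8:0:120::19/128 range 3680 3690 log
60 deny udp ::/0 2001:db8:0:150::121/128 log
70 permit ipv6 2001:db8:0:01::/56 ::/0
"""

def _endpoint(tok):
    """Consume '<addr/len> [eq N | range LO HI]' from the front of tok."""
    # strict=False: bits past the prefix length are ignored (assumption),
    # so ACE 70 covers 2001:db8:0:0:: through 2001:db8:0:ff:: only.
    net = ipaddress.ip_network(tok.pop(0), strict=False)
    ports = (0, 65535)
    if tok[:1] == ["eq"]:
        ports = (int(tok[1]), int(tok[1]))
        del tok[:2]
    elif tok[:1] == ["range"]:
        ports = (int(tok[1]), int(tok[2]))
        del tok[:3]
    return net, ports

def parse_acl(text):
    aces = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[1] not in ("permit", "deny"):
            continue  # remark or blank line
        rest = tok[3:]
        src, dst = _endpoint(rest), _endpoint(rest)
        aces.append((int(tok[0]), tok[1], tok[2], src, dst, "log" in rest))
    return sorted(aces, key=lambda a: a[0])

def evaluate(aces, proto, sa, sport, da, dport):
    """Return (action, seq, log) of the first match; seq None = implicit deny."""
    sa, da = ipaddress.ip_address(sa), ipaddress.ip_address(da)
    for seq, action, p, (snet, sp), (dnet, dp), log in aces:
        if p not in ("ipv6", proto) or sa not in snet or da not in dnet:
            continue
        if p != "ipv6" and not (sp[0] <= sport <= sp[1] and dp[0] <= dport <= dp[1]):
            continue
        return action, seq, log
    return "deny", None, False
```

A TCP packet to port 80 from a source inside the ACE 70 prefix is still denied by ACE 40, because ACE 40 is reached first; a source outside every listed prefix reaches the implicit deny, which carries no log option.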
Table 14 Displayed ACL configuration example explanation
Line  Action
10    Permits all IPv6 traffic from the host at 2001:db8:0:130::55 to the host at 2001:db8:0:130::240.
20    Permits all Telnet traffic from any source to any destination.
30    Includes a remark and permits TCP port 80 traffic received at any destination as port 3871 traffic.
40    Includes a remark, denies TCP port 80 traffic received at any destination, and causes a log message to be generated when a match occurs.
76 Updates for the HP Switch Software IPv6 Configuration Guide