HP 6200YL User Manual
IPv6 Access Control Lists (ACLs)
Terminology
Note that an empty ACL does not include an Implicit Deny and does not
filter traffic. However, if you configure any ACE in an empty ACL that is
already assigned to an interface, the ACL immediately begins filtering
traffic, which includes application of the Implicit Deny.
identifier: A term used in ACL syntax statements to represent the
alphanumeric name by which the ACL can be accessed. An identifier can
have up to 64 characters. See also NAME-STR.
Note: RADIUS-assigned ACLs are identified by client authentication
criteria and do not use the identifiers described in this chapter.
Implicit Deny: If the switch finds no matches between an IPv6 packet and
the configured criteria in an applicable ACL, then the switch denies
(drops) the packet with an implicit deny ipv6 any any function. You can
preempt the Implicit Deny in a given ACL by configuring a
permit ipv6 any any as the last explicit ACE in the ACL. Doing so permits
any packet that is not explicitly permitted or denied by other ACEs
configured sequentially earlier in the ACL.
Note: Beginning with software release K.14.01, any dynamically created
ACL will include an implicit deny for both IPv4 and IPv6 traffic,
regardless of the address family capabilities of the server. Refer to
“RADIUS-Assigned ACLs” on page 8-6.
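The rules in the Implicit Deny entry and in the empty-ACL note above, modeled as an added Python example (not taken from the HP manual and not switch code). It assumes ACEs match on source and destination address only; the names Ace, evaluate and run are hypothetical, and the addresses are constructed from the documentation prefix 2001:db8::/32.

```python
from dataclasses import dataclass
from ipaddress import IPv6Address, IPv6Network

ANY = IPv6Network("::/0")  # stands in for the ACL keyword "any"


@dataclass(frozen=True)
class Ace:
    """One access control entry (simplified: addresses only, an assumption)."""
    action: str        # "permit" or "deny"
    src: IPv6Network
    dst: IPv6Network

    def matches(self, src: IPv6Address, dst: IPv6Address) -> bool:
        return src in self.src and dst in self.dst


def evaluate(acl, src: str, dst: str) -> str:
    """Return the verdict for one packet, with the rule that produced it."""
    if not acl:
        # An empty ACL has no Implicit Deny and does not filter traffic.
        return "permit (empty ACL, no filtering)"
    s, d = IPv6Address(src), IPv6Address(dst)
    # ACEs are checked in sequence; the first match decides.
    for seq, ace in enumerate(acl, start=1):
        if ace.matches(s, d):
            return f"{ace.action} (ACE {seq})"
    # No ACE matched: the implicit "deny ipv6 any any" applies.
    return "deny (Implicit Deny)"


# Constructed sample data.
MGMT = IPv6Network("2001:db8:0:10::/64")
SERVER = IPv6Network("2001:db8:0:20::5/128")
PACKETS = [("2001:db8:0:10::7", "2001:db8:0:20::5"),  # management host
           ("2001:db8:0:99::1", "2001:db8:0:20::5")]  # any other host


def run(acl):
    """Evaluate both sample packets against the given ACL."""
    return [evaluate(acl, s, d) for s, d in PACKETS]


if __name__ == "__main__":
    one_ace = [Ace("permit", MGMT, SERVER)]
    cases = {"empty ACL": [],
             "one ACE": one_ace,
             "one ACE + permit ipv6 any any": one_ace + [Ace("permit", ANY, ANY)]}
    for name, acl in cases.items():
        print(f"{name}: {run(acl)}")
```

The second case is the one to watch in practice: adding a single permit ACE to an empty ACL that is already assigned to an interface causes every non-matching packet to be dropped.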
Inbound Traffic: For the purpose of defining where the switch applies IPv6
ACLs to filter traffic, inbound traffic is a packet that meets one of the
following criteria:
• VLAN ACL (VACL): Inbound traffic is a packet entering the switch on
  a VLAN interface (or a subnet in a multinetted VLAN).
• Static Port ACL: Inbound traffic is a packet entering the switch on the
  port.
• RADIUS-Assigned ACL: Where a RADIUS server has authenticated a
  client and assigned an ACL to the port to filter the client’s IPv6 traffic,
  inbound traffic is a packet entering the switch from that client. (Note
  that IPv4 traffic-filtering is automatically included in a
  RADIUS-assigned ACL configured to filter IPv6 traffic.)
NAME-STR: The term used in ACL syntax statements to represent the “name
string”; the alphanumeric string used to identify the ACL. A name string
allows up to 64 alphanumeric characters. See also IDENTIFIER and ACL ID.
Outbound Traffic: For defining the points where the switch applies an RACL
(Routed ACL) to filter traffic, outbound traffic is routed traffic leaving the
switch through a VLAN interface (or a subnet in a multinetted VLAN).
“Outbound traffic” can also apply to switched traffic leaving the switch