Ipv6 static port acl applications, Radius-assigned (dynamic) port acl applications, Ipv6 static port acl applications -15 – HP 6200YL User Manual

IPv6 Access Control Lists (ACLs)

Overview

VLAN 1 with VACL “A”

(one network)

2001:db8:0:111::1

VLAN 2 with VACL “B”

(multiple networks)

2001:db8:0:22a::1

2001:db8:0:22b::1

2001:db8:0:22c::1

The prefix for this example is /64.

Because VLAN 2 is
subnetted, configuring a
VACL on VLAN 2 filters the
inbound IPv6 traffic from
multiple networks.

D

C

E

B

2001:db8:0:111::25

2001:db8:0:111::17

2001:db8:0:22b::12

2001:db8:0:22c::33

Switch with IPv6 VACLs Configured

A

2001:db8:0:22c::2

2001:db8:0:22a::132

2001:db8:0:22b::19

2001:db8:0:22a::144

F

G

H

Figure 8-1. Example of VACL Filter Applications on IPv6 Traffic Entering the Switch

N o t e

The switch allows one IPv6 VACL assignment configured per VLAN. This is in
addition to any static or RADIUS-assigned (dynamic) ACLs assigned to ports
in the VLAN.

IPv6 Static Port ACL Applications

An IPv6 static port ACL filters IPv6 traffic inbound on the designated port(s).

RADIUS-Assigned (Dynamic) Port ACL Applications

N o t e

Beginning with software release K.14.01, IPv6 support is available for
RADIUS-assigned port ACLs configured to filter inbound IPv4 and IPv6 traffic
from an authenticated client. Also, the implicit deny in RADIUS-assigned ACLs
applies to both IPv4 and IPv6 traffic inbound from the client. For information
on enabling RADIUS-assigned ACLs, refer to the chapter titled “Configuring
RADIUS Support for Switch Services” in this guide.

8-15