HP 6200YL User Manual
Page 195

IPv6 Access Control Lists (ACLs)
Overview
Filtering Inbound Traffic with Multiple ACLs. When traffic inbound on a port is subject to multiple ACL assignments, and a RADIUS-assigned, user-based ACL is present, then this traffic must satisfy the following conditions to be permitted on the switch:
1. Originate with an authenticated client associated with the RADIUS-assigned ACL (if present).
2. Be permitted by the RADIUS-assigned ACL (if present). This includes both IPv4 and IPv6 traffic (unless the ACL is configured to exclude (drop) IPv6 traffic).
3. For IPv4-only traffic, be permitted by connection-rate ACL filtering.
4. Be permitted by a VACL configured on a VLAN to which the port is assigned.*
5. Be permitted by a PACL assigned to the port.*
6. For IPv4 traffic only, be permitted by a RACL assigned inbound to the port, if the traffic is subject to RACL rules.
* IPv4 VACLs and PACLs ignore IPv6 traffic, and the reverse.
Filtering Outbound Traffic. Outbound IPv4 traffic can be filtered only by a RACL assigned outbound on the port, and only if the traffic is subject to RACL rules. (Software version K.14.01 does not support IPv6 RACLs.)
Example of Permitting Traffic Filtered Through Multiple ACLs. On a given interface where multiple ACLs apply to the same traffic, a packet having a match with a deny ACE in any applicable ACL on the interface (including an implicit deny any any) will be dropped.
For example, suppose the following is true:
■ Ports A10 and A12 belong to VLAN 100.
■ A static port ACL filtering inbound IPv6 traffic is configured on port A10.
■ A VACL is configured on VLAN 100.
An inbound packet entering on port A10, with a destination on port A12, will be screened by the static port ACL and the VACL, regardless of a match with any permit or deny action. A match with a deny action (including an implicit deny) in either ACL will cause the switch to drop the packet. (If the packet has a match with explicit deny ACEs in multiple ACLs and the log option is included in these ACEs, then a separate log event will occur for each match.)
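
The screening rule in this example, modelled in Python as an added illustration (not HP code or switch configuration). The ACL names, ACE contents and 2001:db8:: addresses are constructed, and first-match evaluation inside each ACL is an assumption of the model.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class ACE:
    action: str        # "permit" or "deny"
    src: str           # IPv6 prefix; "::/0" means any
    dst: str
    log: bool = False  # the ACE's log option

@dataclass
class ACL:
    name: str
    aces: list

    def evaluate(self, src, dst):
        """Return (action, log_event) for one packet. Assumption: the first
        matching ACE decides; no match falls through to the implicit deny."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for ace in self.aces:
            if s in ipaddress.ip_network(ace.src) and d in ipaddress.ip_network(ace.dst):
                return ace.action, ace.log and ace.action == "deny"
        return "deny", False   # implicit deny: not an explicit ACE, so no log event

def screen_inbound(acls, src, dst):
    """Consult every applicable ACL; a deny in any one of them drops the packet.
    Returns (forwarded, log_events), one event per explicit deny ACE with log."""
    forwarded, events = True, []
    for acl in acls:
        action, logged = acl.evaluate(src, dst)
        if action == "deny":
            forwarded = False
            if logged:
                events.append(f"{acl.name}: deny {src} -> {dst}")
    return forwarded, events

# Constructed policy for the example: static port ACL on A10, VACL on VLAN 100.
PACL_A10 = ACL("PACL-A10", [
    ACE("deny", "2001:db8:100::66/128", "::/0", log=True),
    ACE("permit", "::/0", "::/0"),
])
VACL_100 = ACL("VACL-100", [
    ACE("deny", "2001:db8:100::/64", "2001:db8:100::50/128", log=True),
    ACE("permit", "2001:db8:100::/64", "::/0"),
])
APPLIED = [PACL_A10, VACL_100]

if __name__ == "__main__":
    for src, dst in [("2001:db8:100::10", "2001:db8:100::12"),
                     ("2001:db8:100::66", "2001:db8:100::50"),
                     ("2001:db8:200::1", "2001:db8:100::12")]:
        print(src, "->", dst, screen_inbound(APPLIED, src, dst))
```

The third sample packet is permitted by the port ACL but still dropped, because it matches no ACE in the VACL and hits that ACL's implicit deny.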