IPv6 ACL Operation, Introduction, The Packet-filtering Process – HP 6200YL User Manual
IPv6 Access Control Lists (ACLs)
IPv6 ACL Operation
Introduction
An ACL is a list of one or more Access Control Entries (ACEs), where each
ACE consists of matching criteria and an action (permit or deny). An ACL
applies only to the switch in which it is configured. ACLs operate on assigned
interfaces, and offer these traffic filtering options:
■ IPv6 traffic inbound on a port.
■ IPv6 traffic inbound on a VLAN.
The following table lists the range of interface options:
| Interface | ACL Application | Application Point | Filter Action |
|-----------|-----------------|-------------------|---------------|
| Port | Static Port ACL (switch configured) | inbound on the switch port | inbound IPv6 traffic |
| Port | RADIUS-assigned ACL (1) | inbound on the switch port used by authenticated client | inbound IPv6 traffic from the authenticated client |
| VLAN | VACL | entering the switch on the VLAN | inbound IPv6 traffic |

(1) This chapter describes ACLs statically configured on the switch. For information on RADIUS-assigned ACLs, refer to the chapter titled “Configuring RADIUS Server Support for Switch Services” in the latest version of the Access Security Guide for your switch.
Note
After you assign an ACL to an interface, the default action on the interface is
to implicitly deny any IPv6 traffic that is not specifically permitted by the ACL.
(This applies only in the direction of traffic flow filtered by the ACL.)
The Packet-filtering Process
Sequential Comparison and Action. When an ACL filters a packet, it
sequentially compares each ACE’s filtering criteria to the corresponding data
in the packet until it finds a match. The action indicated by the matching ACE
(deny or permit) is then performed on the packet.
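
The sequential comparison and the implicit deny described above can be modeled as follows. This is an added example, not code from the HP manual or the switch software; it assumes ACEs that match only on source and destination IPv6 prefix, and the names Ace, filter_packet and shadowed_aces are hypothetical. It also shows why ACE order matters: an ACE placed after a broader one can never match.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Ace:
    action: str  # "permit" or "deny"
    src: str     # source IPv6 prefix (simplified criteria, an assumption)
    dst: str     # destination IPv6 prefix

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))


def filter_packet(acl, src_ip, dst_ip):
    """Return (action, index of the matching ACE); index None means implicit deny."""
    for index, ace in enumerate(acl):
        if ace.matches(src_ip, dst_ip):
            return ace.action, index  # first match wins; later ACEs are not consulted
    return "deny", None  # no ACE matched: implicit deny


def shadowed_aces(acl):
    """Indexes of ACEs that can never match because an earlier ACE fully covers them."""
    shadowed = []
    for index, ace in enumerate(acl):
        src, dst = ipaddress.ip_network(ace.src), ipaddress.ip_network(ace.dst)
        for earlier in acl[:index]:
            if (src.subnet_of(ipaddress.ip_network(earlier.src))
                    and dst.subnet_of(ipaddress.ip_network(earlier.dst))):
                shadowed.append(index)
                break
    return shadowed


# Constructed sample ACLs using the 2001:db8::/32 documentation prefix.
HOST_DENY = Ace("deny", "2001:db8:0:10::5/128", "::/0")
SUBNET_PERMIT = Ace("permit", "2001:db8:0:10::/64", "::/0")
ORDERED = [HOST_DENY, SUBNET_PERMIT]    # specific deny first: effective
REVERSED = [SUBNET_PERMIT, HOST_DENY]   # broad permit first: deny is never reached

if __name__ == "__main__":
    for name, acl in (("ORDERED", ORDERED), ("REVERSED", REVERSED)):
        for src in ("2001:db8:0:10::5", "2001:db8:0:10::6", "2001:db8:0:30::1"):
            print(name, src, filter_packet(acl, src, "2001:db8:0:20::1"))
        print(name, "shadowed ACEs:", shadowed_aces(acl))
```

Running a shadow check like this over an ACL before assigning it to a port or VLAN catches deny entries that ordering has made ineffective.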