Example of Using the Offline Process – HP 6200YL User Manual
IPv6 Access Control Lists (ACLs)
Creating or Editing ACLs Offline
If you are replacing an ACL on the switch with a new ACL that uses the same number or name syntax, begin the command file with a no ip access-list command to remove the earlier version of the ACL from the switch’s running-config file. Otherwise, the switch will append the new ACEs in the ACL you download to the existing ACL. For example, if you planned to use the copy command to replace an ACL named “List-120”, you would place this command at the beginning of the edited file:

    no ipv6 access-list List-120

    no ipv6 access-list List-120
    ip access-list "List-120"
    10 remark "THIS ACE ALLOWS TELNET"
    10 permit tcp fe80::17/128 ::/0 eq 23
    20 deny ipv6 fe80::123/128 fe80::/125 log
    30 deny ipv6 fe80::255/128 fe80::/125 log
    40 remark "THIS IS THE FINAL ACE IN THE LIST"
    40 permit ipv6 ::/0 ::/0
    exit

Callout for the first line: Removes an existing ACL and replaces it with a new version with the same identifier. To append new ACEs to an existing ACL instead of replacing it, you would omit the first line and ensure that the sequence numbering for the new ACEs begin with a number greater than the highest number in the existing list.

Figure 8-33. Example of an Offline ACL File Designed To Replace An Existing ACL

3. Use copy tftp command-file to download the file as a list of commands to the switch.
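
A pre-download check for the replace-versus-append behaviour described above, as an added example (not code from the HP manual): it reports whether a command file will replace or append to each ACL, and flags appended ACEs whose sequence numbers are not above the existing maximum. The function name `check_offline_acl` and its `existing` mapping are assumptions made for illustration.

```python
import re

NO_ACL = re.compile(r'^no\s+ipv6\s+access-list\s+"?([^"\s]+)"?$', re.I)
# The definition line in Figure 8-33 reads "ip access-list", so both keywords
# are accepted here (assumption made to match the figure as printed).
DEF_ACL = re.compile(r'^(?:ip|ipv6)\s+access-list\s+"?([^"\s]+)"?$', re.I)
ACE = re.compile(r'^(\d+)\s+(?:permit|deny)\b', re.I)

# Command file transcribed from Figure 8-33.
FIGURE_FILE = '''no ipv6 access-list List-120
ip access-list "List-120"
10 remark "THIS ACE ALLOWS TELNET"
10 permit tcp fe80::17/128 ::/0 eq 23
20 deny ipv6 fe80::123/128 fe80::/125 log
30 deny ipv6 fe80::255/128 fe80::/125 log
40 remark "THIS IS THE FINAL ACE IN THE LIST"
40 permit ipv6 ::/0 ::/0
exit
'''

def check_offline_acl(text, existing=None):
    """Report, per ACL in a command file, whether it replaces or appends.

    existing (hypothetical parameter): {acl_name: highest sequence number
    already in running-config}, taken by the operator from the switch.
    """
    existing, removed, report, name = existing or {}, set(), {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := NO_ACL.match(line):
            removed.add(m.group(1))
        elif m := DEF_ACL.match(line):
            name = m.group(1)
            mode = "replace" if name in removed else "append"
            report[name] = {"mode": mode, "problems": []}
            if mode == "append" and removed:
                # A mistyped name removes some other ACL and still appends here.
                report[name]["problems"].append(
                    f"file removes {sorted(removed)} but not {name}")
        elif line.lower() == "exit":
            name = None
        elif (m := ACE.match(line)) and name and report[name]["mode"] == "append":
            seq, top = int(m.group(1)), existing.get(name)
            if top is not None and seq <= top:
                report[name]["problems"].append(
                    f"ACE {seq} is not above existing maximum {top}")
    return report

if __name__ == "__main__":
    print(check_offline_acl(FIGURE_FILE, {"List-120": 40}))
```

Run against the Figure 8-33 file the result is replace mode with no problems; with the first line removed, the same ACEs are reported as an append whose sequence numbers fall at or below the existing maximum.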
Example of Using the Offline Process
For example, suppose that you wanted to create an IPv6 ACL for a VACL application and download it to a switch from a TFTP server at FE80::1ad:17.
1. You would create a .txt file with the content shown in figure 8-34.