Overview of IPv6 ACL filters

IPv6 ACLs enable filtering on the following:
  • source and destination IPv6 addresses (required), each specified as one of the following:
    • specific host IPv6 address

    • subnet or contiguous set of IPv6 addresses

    • any IPv6 address

  • choice of any IPv6 protocol

  • optional packet-type criteria for ICMP traffic

  • optional source and/or destination TCP or UDP port, with a further option for comparison operators

  • TCP flag (control bit) options

  • filtering for TCP traffic based on whether the subject traffic is initiating a connection ("established" option)

  • optional DSCP (IP precedence and ToS) criteria

The switch allows up to 2048 ACLs each for IPv4 and IPv6 (with RADIUS-based ACL resources drawn from the IPv4 allocation). The total is determined from the number of unique identifiers in the configuration. For example, configuring two IPv6 ACLs results in an ACL total of two, even if neither is assigned to an interface. If you then assign a nonexistent IPv6 ACL to an interface, the new total is three, because the switch now has three unique IPv6 ACL names in its configuration.
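The counting rule above can be checked offline against a saved configuration. The following is an added example, not taken from the guide: it counts unique IPv6 ACL identifiers and reports names that are assigned to an interface but never defined. The two line shapes it matches (`ipv6 access-list "NAME"` and `ipv6 access-group "NAME" ...`), the case-sensitive name comparison, and the sample configuration are assumptions constructed for illustration.

```python
import re

# Assumed line shapes (simplified, constructed for this example):
#   ipv6 access-list "NAME"          -> defines an ACL
#   ipv6 access-group "NAME" <dir>   -> assigns an ACL to a VLAN or port
DEFINE_RE = re.compile(r'^\s*ipv6 access-list "?([^"\s]+)"?\s*$')
ASSIGN_RE = re.compile(r'^\s*ipv6 access-group "?([^"\s]+)"?(?:\s+\S+)*\s*$')
MAX_IPV6_ACLS = 2048  # per-family limit stated in the text


def audit_ipv6_acls(config_text):
    """Count unique IPv6 ACL identifiers, whether defined or only assigned."""
    defined, assigned = set(), set()
    for line in config_text.splitlines():
        m = DEFINE_RE.match(line)
        if m:
            defined.add(m.group(1))
            continue
        m = ASSIGN_RE.match(line)
        if m:
            assigned.add(m.group(1))
    unique = defined | assigned  # an undefined but assigned name still counts
    return {
        "total": len(unique),
        "assigned_but_undefined": sorted(assigned - defined),
        "defined_but_unassigned": sorted(defined - assigned),
        "remaining": MAX_IPV6_ACLS - len(unique),
    }


# Constructed sample: two defined ACLs, neither assigned, plus one
# assignment that names an ACL that does not exist.
SAMPLE_CONFIG = """\
ipv6 access-list "V6-EDGE"
   10 permit tcp any host 2001:db8::10 eq 443
   20 deny ipv6 any any
   exit
ipv6 access-list "V6-MGMT"
   10 permit ipv6 2001:db8:100::/64 any
   exit
interface 5
   ipv6 access-group "V6-GUEST" in
   exit
"""

if __name__ == "__main__":
    print(audit_ipv6_acls(SAMPLE_CONFIG))
```

A non-empty `assigned_but_undefined` list usually points to a typo or a deleted ACL, and each such name still consumes one of the 2048 identifiers.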

For information on determining the current resource availability and usage, as well as ACL resource limits, see the latest ArubaOS-Switch Management and Configuration Guide for your switch.