Chapter 75: Advanced Access Control Lists (ACLs)
1266
Assigning Named IPv6 ACLs to VTY Lines
This example creates a Named IPv6 ACL, called “deny-all-but-one-ipv6,”
that grants IPv6 address 2001:odb8::a2/64 full access to the switch
and then denies all IP addresses access to the switch. Then deny-all-but-
one-ipv6 is assigned to all ten VTY lines with the ACCESS-CLASS
command. The result of this example is that only IP address
2001:odb8::a5/64 has remote access to the switch. See Table 140.
awplus(config_if)# ip address
10.0.0.20/24
Assign VLAN 10 an IP address and
subnet mask of 10.0.0.20/24.
awplus(config_if)# q Quit the Port Interface mode.
awplus(config)# ip access-list
deny-all-but-one
Creates a Named IPv4 ACL call “deny-all-
but-one and enters the IP ACL command
mode.
awplus(config-ip-acl)# permit ip
host 10.0.0.7 host 10.0.0.20
Allows IP address 10.0.0.7 full access to
the switch.
awplus(config-ip-acl)# deny ip
any host 10.0.0.20
Denies access all IP addresses access to
the switch.
awplus(config-ip-acl)# exit Exit the IP ACL command mode.
awplus(config)# line vty 0 9 Access the LINE VTY mode for lines 0
through 9.
awplus(config-line)# access-
class deny-all-but-one
Assigns deny-all-but-one to VTY lines 0
through 9.
Table 139. Assigning Named IPv4 ACLs to VTY Lines Example (Continued)
Command Description
Table 140. Assigning Named IPv4 ACLs to VTY Lines Example
Command Description
awplus> enable Enter the Privileged Executive mode from
the User Executive mode.
awplus# configure terminal Enter the Global Configuration mode.
awplus(config)# interface vlan10 Enter the Port Interface mode for VLAN
10.
awplus(config_if)# ip address
2001:odb8::a5/64
Assign VLAN 10 an IPv6 address and
subnet mask of 2001:odb8::a5/64.
awplus(config_if)# q Quit the Port Interface mode.
To Next Page
Loading...
