C613-50631-01 Rev A Command Reference for IE340 Series 2077
AlliedWare Plus™ Operating System - Version 5.5.3-0.x
IPV6 HARDWARE ACCESS CONTROL LIST (ACL) COMMANDS
(NAMED IPV6 HARDWARE ACL: TCP OR UDP ENTRY)
end of the ACL and assigns it the next available multiple of 4 as its sequence
number.
Once you have configured the ACL, use the ipv6 traffic-filter or the match
access-group command to apply this ACL to a port, VLAN or QoS class-map. Note
that the ACL will only apply to incoming data packets.
Examples To add a filter entry that blocks all SSH traffic from network 2001:0db8::0/64 to the
hardware IPv6 access-list named “my-acl”, use the commands:
awplus# configure terminal
awplus(config)# ipv6 access-list my-acl
awplus(config-ipv6-hw-acl)# deny tcp 2001:0db8::0/64 any eq 22
To add a filter entry that blocks all SSH traffic from network 2001:0db8::0/64 on the
default VLAN (vlan1) to the hardware IPv6 access-list named “my-acl”, use the
commands:
awplus# configure terminal
awplus(config)# ipv6 access-list my-acl
awplus(config-ipv6-hw-acl)# deny tcp 2001:0db8::0/64 any eq 22
vlan 1
To remove an ACL filter entry that blocks all SSH traffic from network 2001:0db8::0/
64 from the hardware IPv6 access-list named “my-acl”, use the commands:
awplus# configure terminal
awplus(config)# ipv6 access-list my-acl
awplus(config-ipv6-hw-acl)# no deny tcp 2001:0db8::0/64 any eq
22
Related
commands
ipv6 access-list (named IPv6 hardware ACL)
ipv6 traffic-filter
match access-group
show ipv6 access-list (IPv6 Hardware ACLs)
Command
changes
Version 5.5.3-0.1: deny-and-not-cpu action parameter added on x230, x550, x930,
x950, SBx908 GEN2 Series switches
Version 5.5.3-0.1: log parameter added on x220, x320, x530, x550, x950, SBx908
GEN2 Series switches
Version 5.4.7-2.1: send-to-vlan-port action parameter added on GS900MX,
GS980MX, XS900MX, SBx8100, SBx908 GEN2, x950 Series switches
Version 5.4.6-2.1: send-to-vlan-port action parameter added on IX5, x230, x310,
x510, x930 Series switches
To Next Page
Loading...
Need help?
General
