SUMMARY STEPS
1.
configure terminal
2.
[no]{ipv6 access-list list-name| client permit-control-packets| log-update threshold| role-based
list-name}
3.
[no]{deny | permit} protocol {source-ipv6-prefix/|prefix-length|any threshold| host source-ipv6-address}
[ operator [ port-number ]] { destination-ipv6-prefix/ prefix-length | any | host destination-ipv6-address}
[operator [port-number]][dscp value] [fragments] [log] [log-input] [routing] [sequence value] [time-range
name]
4.
{deny | permit} tcp {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [operator
[port-number]] {destination-ipv6- prefix/prefix-length | any | host destination-ipv6-address} [operator
[port-number]] [ack] [dscp value] [established] [fin] [log] [log-input] [neq {port | protocol}] [psh]
[range {port | protocol}] [rst] [routing] [sequence value] [syn] [time-range name] [urg]
5.
{deny | permit} udp {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [operator
[port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address} [operator
[port-number]] [dscp value] [log] [log-input] [neq {port | protocol}] [range {port | protocol}] [routing]
[sequence value] [time-range name]]
6.
{deny | permit} icmp {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [operator
[port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address} [operator
[port-number]] [icmp-type [icmp-code] | icmp-message] [dscp value] [log] [log-input] [routing] [sequence
value] [time-range name]
7.
end
8.
show ipv6 access-list
9.
copy running-config startup-config
DETAILED STEPS
PurposeCommand or Action
Enters the global configuration mode.configure terminal
Example:
Switch# configure terminal
Step 1
Defines an IPv6 ACL name, and enters IPv6 access list configuration mode.
[no]{ipv6 access-list list-name| client
permit-control-packets| log-update threshold|
role-based list-name}
Step 2
Example:
Switch(config)# ipv6 access-list
example_acl_list
Enter deny or permit to specify whether to deny or permit the packet if
conditions are matched. These are the conditions:
[no]{deny | permit} protocol
{source-ipv6-prefix/|prefix-length|any
Step 3
threshold| host source-ipv6-address} [ operator
•
For protocol, enter the name or number of an Internet protocol: ahp,
esp, icmp, ipv6, pcp, stcp, tcp, or udp, or an integer in the range 0
to 255 representing an IPv6 protocol number.
[ port-number ]] { destination-ipv6-prefix/
prefix-length | any | host
destination-ipv6-address} [operator
[port-number]][dscp value] [fragments] [log]
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
158 OL-29434-01
Configuring IPv6 ACLs
How to Configure IPv6 ACLs
To Next Page
Loading...
