Name: Cisco Catalyst 4500 Series
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

62-20

Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex

Chapter 62 Configuring Network Security with ACLs

Applying IPv6 ACLs to Layer 2 and 3 Interface

The following example show various ways of configuring ACEs in IPv6 ACL:

Switch(config)#ipv6 access-list v6test

The permit entry specifies the source and destination IPv6 addresses using wildcard masks:

Switch(config-ipv6-acl)#permit 1:2::3 FF:0:FFFF:AA:20:: 4:5::6 0:FFFF:2233::FFFF

Here the permit entry allows all packets that have a source UDP port, and specifies the permit

conditions for a destination IPv6 addresses using prefix/ prefix-length:

Switch(config-ipv6-acl)#permit udp any 3:8::5/64

Here the permit entry allows all packets that have a source TCP port and the IPv6 addresses (that

has been specified using a wildcard mask), and allows destination addresses that have IPv6 prefix

::/0.

Switch(config-ipv6-acl)#permit tcp 1:2::3 FFFF:FFFF:: any

Here the permit entry allows all packets (source and destination) that have IPv6 prefix ::/0. This is

necessary because an implicit deny -all condition is at the end of each IPv6 access list.

Switch(config-ipv6-acl)#permit any any

To enable hardware statistics, enter the following commands while configuring ACEs in the access list:

Switch(config)# ipv6 access-list v6test

Switch(config-ipv6-acl)# hardware statistics

Switch(config-ipv6-acl)# end

Note Hardware statistics is disabled by default.

Applying IPv6 ACLs to Layer 2 and 3 Interface

To apply an IPv6 ACL to a Layer 3 interface, perform the following task:

Note IPv6 ACLs are supported on Layer 3 interfaces and on Layer 2 ports using the ipv6 traffic-filter

command.

The following example applies the extended-named IPv6 ACL simple-ipv6-acl to SVI 300 routed ingress

traffic:

Switch# configure terminal

Switch(config)# interface vlan 300

Switch(config-if)# ipv6 traffic-filter simple-ipv6-acl in

Command Purpose

Step 1

Switch# configure terminal

Enters global configuration mode.

Step 2

Switch(config)# interface interface-type

slot/interface

Specifies the interface to be configured.

Note interface-type must be a Layer 3 interface.

Step 3

Switch(config-if)# ipv6 traffic-filter

ipv6-acl {in|out}

Applies the IPv6 ACL to a Layer 3 interface.

Other manuals for Cisco Catalyst 4500 Series

Manual19 pages

Command Reference Guide1230 pages

System Message Guide150 pages

Configuration Guide1610 pages

Administration Guide1814 pages

Message Guide146 pages

Installation Guide194 pages

Datasheet11 pages

Overview46 pages

Quick Reference Guide59 pages

Questions and Answers:

Need help?

Do you have a question about the Cisco Catalyst 4500 Series and is the answer not in the manual?

Cisco Catalyst 4500 Series Specifications

General

Series	Catalyst 4500 Series
Category	Switch
Layer Support	Layer 2, Layer 3
Form Factor	Modular chassis
Stackable	No
Chassis Slots	3, 6, 7, 10
Power Supply Options	AC, DC
Redundancy	Power supply, Supervisor engine
Network Management	Cisco IOS Software CLI, SNMP, Cisco Prime Infrastructure
Features	Security, QoS
Port Density	Up to 384 ports per chassis
Security Features	802.1X, ACLs, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard
Supervisor Engine	8-E