EasyManua.ls Logo

Cisco WS-C3020 - Applying an Ipv6 ACL to an Interface

Cisco WS-C3020
960 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
37-6
Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide
OL-8915-03
Chapter 37 Configuring IPv6 ACLs
Configuring IPv6 ACLs
Use the no deny | permit IPv6 access-list configuration commands with keywords to remove the deny
or permit conditions from the specified access list.
This example configures the IPv6 access list named CISCO. The first deny entry in the list denies all
packets that have a destination TCP port number greater than 5000. The second deny entry denies
packets that have a source UDP port number less than 5000. The second deny also logs all matches to
the console. The first permit entry in the list permits all ICMP packets. The second permit entry in the
list permits all other traffic. The second permit entry is necessary because an implicit deny -all condition
is at the end of each IPv6 access list.
Switch(config)# ipv6 access-list CISCO
Switch(config-ipv6-acl)# deny tcp any any gt 5000
Switch config-ipv6-acl)# deny ::/0 lt 5000 ::/0 log
Switch(config-ipv6-acl)# permit icmp any any
Switch(config-ipv6-acl)# permit any any
Applying an IPv6 ACL to an Interface
This section describes how to apply IPv6 ACLs to network interfaces. You can apply ACLs only to
inbound management traffic on Layer 3 interfaces.
Beginning in privileged EXEC mode, follow these steps to control access to an interface:
Use the no ipv6 traffic-filter access-list-name interface configuration command to remove an access list
from an interface.
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
interface interface-id Identify a Layer 3 interface on which to apply an access list, and enter interface
configuration mode.
Step 3
no switchport Change the interface from Layer 2 mode (the default) to Layer 3 mode.
Step 4
ipv6 address ipv6-address Configure an IPv6 address on the Layer 3 interface.
This command is not required if the interface has already been configured with
an explicit IPv6 address.
Step 5
ipv6 traffic-filter access-list-name
{in}
Apply the access list to incoming traffic on the interface.
Step 6
end Return to privileged EXEC mode.
Step 7
show running-config Verify the access list configuration.
Step 8
copy running-config
startup-config
(Optional) Save your entries in the configuration file.

Table of Contents

Related product manuals