DGS-3610(config-ipv6-nacl)# [sn]
{permit | deny }prot {src-ipv6-prefix/prefix-len |
host src-ipv6-addr | any}
{dst-ipv6-pfix/pfix-len | any | host
dst-ipv6-addr} [dscp dscp] [flow-label
flow-label] [time-range
tm-rng-name]
Add table entries for ACL. For details about
commands, please see command reference.
44.5.2 Configuration of Showing
IPv6Extended Access Lists
To monitor access lists, please run the following command the in privileged user mode:
DGS-3610# show access-lists [name]
This command can be used to view the basic access list.
44.5.3 IPv6 Extended Access List Example
You can implement the following security functions by configuring access lists:
The 192.168.4.12 host can access the gi 0/1 port of a device.
It cannot access other ports.
DGS-3610> enable
DGS-3610# config terminal
DGS-3610(config)# ipv6 access-list v6-list
DGS-3610(config-ipv6-nacl)# permit ipv6 ::192:68:4:12/24 any
DGS-3610(config-ipv6-nacl)# deny ipv6 any any
DGS-3610(config-ipv6-nacl)# exit
DGS-3610(config)# interface gigabitEthernet 0/1
DGS-3610(config-if)# ipv6 traffic-filter v6-list in
DGS-3610(config-if)# end
DGS-3610# show access-lists
ipv6 access-list extended v6-list
petmit ipv6 ::192.168.4.12 any
deny any any
DGS-3610#
To Next Page
Loading...
