1198 BigIron RX Series Configuration Guide
53-1002253-01
For TCP and UDP, you also can specify a comparison operator and port name or number. For
example, you can configure a policy to block web access to a specific website by denying all TCP
port 80 (HTTP) packets from a specified source IPv6 address to the website’s IPv6 address.
IPv6 ACLs also provide support for filtering packets based on DSCP.
This chapter contains the following sections:
• “Using IPv6 ACLs as input to other features” on page 1198
• “Configuring an IPv6 ACL” on page 1198
• “Applying an IPv6 ACL to an interface” on page 1206
• “Adding a comment to an IPv6 ACL entry” on page 1207
• “Displaying ACLs” on page 1208
Using IPv6 ACLs as input to other features
You can use an IPv6 ACL to provide input to other features such as route maps and distribution
lists. When you use an ACL this way, use permit statements in the ACL to specify the traffic that you
want to send to the other feature. If you use deny statements, the traffic specified by the deny
statements is not supplied to the other feature.
Configuring an IPv6 ACL
To configure an IPv6 ACL, you must do the following:
• Create the ACL
• Apply the ACL to an interface
Example configurations
To configure an access list that blocks all Telnet traffic received on port 1/1 from IPv6 host
2000:2382:e0bb::2, enter the following commands.
BigIron RX(config)# ipv6 access-list fdry
BigIron RX(config-ipv6-access-list-fdry)# deny tcp host 2000:2382:e0bb::2 any eq telnet
BigIron RX(config-ipv6-access-list-fdry)# permit ipv6 any any
BigIron RX(config-ipv6-access-list-fdry)# exit
BigIron RX(config)# int eth 1/1
BigIron RX(config-if-1/1)# ipv6 traffic-filter fdry in
BigIron RX(config)# write memory
Here is another example of commands for configuring an ACL and applying it to an interface.
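The two entries of the fdry access list can be checked offline before the list is applied to a port. The following Python model is an added example, not part of the configuration guide and not vendor code; it assumes entries are evaluated in order with the first match deciding, handles only the entry forms any, host, prefix/length and eq, and uses a constructed destination address.

```python
import ipaddress

PORT_NAMES = {"telnet": 23}  # only the port name that appears on the page

def parse_addr(tokens):
    """Consume 'any', 'host <addr>' or '<prefix>/<len>'; return an IPv6Network."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.IPv6Network("::/0")
    if word == "host":
        return ipaddress.IPv6Network(tokens.pop(0) + "/128")
    return ipaddress.IPv6Network(word, strict=False)

def parse_entry(line):
    """Parse '<action> <protocol> <source> <destination> [eq <port>]'."""
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    src, dst = parse_addr(tokens), parse_addr(tokens)
    dport = None
    if tokens and tokens[0] == "eq":  # only the 'eq' operator is modelled
        dport = PORT_NAMES.get(tokens[1]) or int(tokens[1])
    return {"action": action, "proto": proto, "src": src, "dst": dst, "dport": dport}

def evaluate(acl_lines, proto, src, dst, dport=None):
    """Return (action, entry_number) for one packet; the first match wins."""
    src, dst = ipaddress.IPv6Address(src), ipaddress.IPv6Address(dst)
    for number, line in enumerate(acl_lines, start=1):
        entry = parse_entry(line)
        if entry["proto"] not in ("ipv6", proto):
            continue
        if src not in entry["src"] or dst not in entry["dst"]:
            continue
        if entry["dport"] is not None and entry["dport"] != dport:
            continue
        return entry["action"], number
    return "deny", None  # assumption: a packet matching no entry is dropped

# The two entries of the "fdry" access list from the guide's example.
FDRY = ["deny tcp host 2000:2382:e0bb::2 any eq telnet", "permit ipv6 any any"]
# Constructed variant with the permit entry first, to show the effect of order.
REORDERED = list(reversed(FDRY))
SERVER = "2001:db8::10"  # constructed destination address

if __name__ == "__main__":
    for name, acl in (("fdry", FDRY), ("reordered", REORDERED)):
        for src, port in (("2000:2382:e0bb::2", 23), ("2000:2382:e0bb::2", 80),
                          ("2000:2382:e0bb::3", 23)):
            print(name, src, port, evaluate(acl, "tcp", src, SERVER, port))
```

With the entries reversed, permit ipv6 any any matches first and the Telnet deny entry is never reached, so the order in which entries are entered decides whether the block takes effect.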