Configuring ACLs
Fixed Switch Configuration Guide 24-9
Example
The following example puts the switch into ipv6mode, creates an IPv6 ACL, and associates it with
VLAN 200.
C5(su)->router
C5(su)->router>enable
C5(su)->router#show access-lists ipv6mode
ipv6mode disabled
C5(su)->router#configure
Enter configuration commands:
C5(su)->router(Config)#access-list ipv6mode
Changing ipv6mode will result in a system reset.
Do you wish to proceed? (y/n) y
C5(su)->router
C5(su)->router>enable
C5(su)->router#configure
Enter configuration commands:
C5(su)->router(Config)#access-list ipv6 ipv6list1 deny icmpv6 2001:db08:10::1/64 any
C5(su)->router(Config)#access-list ipv6 ipv6list1 permit tcp 2001:db08:20::20/64 eq snmp any assign-queue 5
C5(su)->router(Config)#access-list ipv6 ipv6list1 permit ipv6 2001:FFFF:30::30/64 any
Procedure 24-2 Configuring IPv6 ACLs (continued)
Step  Task
      Command(s)

3.    After the switch resets, return to global router configuration mode, create the ACL and define the rules.
      access-list ipv6 name {deny | permit} protocol {srcipv6-addr/prefix-length | any} [eq port] {dstipv6-addr/prefix-length | any} [eq port] [dscp dscp] [flow-label label-value] [assign-queue queue-id]

4.    Optionally, insert new or replace existing rules.
      access-list ipv6 name insert | replace entryno {deny | permit} protocol srcipv6-addr/prefix-length [eq port] dstipv6-addr/prefix-length [eq port] [dscp dscp] [flow-label label-value] [assign-queue queue-id]

5.    Optionally, move entries within the ACL.
      access-list ipv6 name move destination source1 [source2]

6.    Display the contents of the ACL.
      show access-lists name

7.    Apply the ACL:

7a    In router interface configuration mode, apply to a routing VLAN interface.
      ipv6 access-group acl-name in [sequence sequence]

7b    In global router configuration mode, apply to an interface.
      access-list interface acl-name port-string in [sequence sequence]

8.    Optionally, display the ACLs associated with a VLAN or port.
      show access-lists [interface [port-string]] | [vlan [vlan-id]]

9.    Optionally, delete an entire ACL or a single rule or range of rules.
      no access-list ipv6 acl-name [entryno [entryno]]
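
The step 3 rule syntax applied to the three rules from the example session, as an added Python example (not part of the guide or the switch software): it checks each rule line against the step 3 form before it is entered on the switch and shows the prefix each source address covers. The names parse_rule, parse_endpoint, RULES and OPTIONS are hypothetical, and clearing host bits from addresses such as 2001:db08:10::1/64 assumes the switch compares only the prefix bits.

```python
import ipaddress

# Constructed input: the example session's three rules, prompts removed, wrapped lines joined.
RULES = [
    "access-list ipv6 ipv6list1 deny icmpv6 2001:db08:10::1/64 any",
    "access-list ipv6 ipv6list1 permit tcp 2001:db08:20::20/64 eq snmp any assign-queue 5",
    "access-list ipv6 ipv6list1 permit ipv6 2001:FFFF:30::30/64 any",
]
OPTIONS = ("dscp", "flow-label", "assign-queue")  # each takes exactly one value


def parse_endpoint(tokens):
    """Consume '{addr/prefix-length | any} [eq port]' from the front of tokens."""
    if not tokens:
        raise ValueError("missing address or 'any'")
    word, net, port = tokens.pop(0), None, None
    if word != "any":
        if "/" not in word:
            raise ValueError(f"prefix length required: {word}")
        # Assumption: only the prefix bits are compared, so host bits are cleared here.
        net = ipaddress.IPv6Network(word, strict=False)
    if tokens[:1] == ["eq"]:
        if len(tokens) < 2:
            raise ValueError("'eq' needs a port")
        _, port = tokens.pop(0), tokens.pop(0)
    return net, port


def parse_rule(line):
    """Parse one 'access-list ipv6 ...' rule into a dict; raise ValueError if malformed."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[:2] != ["access-list", "ipv6"]:
        raise ValueError("not an IPv6 ACL rule")
    name, action, protocol = tokens[2:5]
    if action not in ("deny", "permit"):
        raise ValueError(f"action must be deny or permit: {action}")
    rest, opts = tokens[5:], {}
    (src, sport), (dst, dport) = parse_endpoint(rest), parse_endpoint(rest)
    while rest:
        key = rest.pop(0)
        if key not in OPTIONS or key in opts or not rest:
            raise ValueError(f"unexpected or incomplete option: {key}")
        opts[key] = rest.pop(0)
    return {"name": name, "action": action, "protocol": protocol, "src": src,
            "sport": sport, "dst": dst, "dport": dport, "options": opts}


if __name__ == "__main__":
    print(*(parse_rule(r) for r in RULES), sep="\n")
```

Lines using the insert, replace or move forms from steps 4 and 5 are rejected, since only the step 3 form is parsed.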