Configuring ACLs
C5(su)->router(Config)#show access-lists ipv6list1
ipv6list1 IPV6 access-list
1: deny icmpv6 2001:DB08:10::1/64 any
2: permit tcp 2001:db08:20::20/64 eq snmp any assign-queue 5
3: permit ipv6 2001:FFFF:30::30/64 any
C5(su)->router(Config)#interface vlan 200
C5(su)->router(Config-if(Vlan 200))#ipv6 access-group ipv6list1 in
C5(su)->router(Config-if(Vlan 200))#exit
Configuring MAC ACLs
Procedure 24-3 describes how to configure a MAC ACL.
Example
The following example puts the switch into ipv6mode, creates a MAC ACL, and associates it with
VLAN 300.
C5(su)->router
Procedure 24-3 Configuring MAC ACLs

1. Optionally, display the status of ipv6mode.
   Command: show access-lists ipv6mode

2. If necessary, in global router configuration mode, enable ipv6mode, which requires a reset of the switch. Enter y when prompted to reset the switch.
   Command: access-list ipv6mode

3. After the switch resets, return to global router configuration mode, create the ACL and define the rules.
   Command: access-list mac name {deny | permit} {srcmac | any} {destmac | any} [ethertype ethertype] [vlan vlan-id] [priority pri] [assign-queue queue-id]

4. Optionally, insert new or replace existing rules.
   Command: access-list mac name insert | replace entryno {deny | permit} {srcmac | any} {destmac | any} [ethertype ethertype] [vlan vlan-id] [priority pri] [assign-queue queue-id]

5. Optionally, move entries within the ACL.
   Command: access-list mac name move destination source1 [source2]

6. Display the contents of the ACL.
   Command: show access-lists name

7. Apply the ACL:
   7a. In router interface configuration mode, apply to a routing VLAN interface.
       Command: ip access-group acl-name in [sequence sequence]
   7b. In global router configuration mode, apply to an interface.
       Command: access-list interface acl-name port-string in [sequence sequence]

8. Optionally, display the ACLs associated with a VLAN or port.
   Command: show access-lists [interface [port-string]] | [vlan [vlan-id]]

9. Optionally, delete an entire ACL or a single rule or range of rules.
   Command: no access-list mac acl-name [entryno [entryno]]
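
The following is an added example, not part of the original manual: a Python pre-deployment check that parses candidate rule lines against the step 3 syntax of Procedure 24-3 and flags malformed rules and unqualified "permit any any" entries. The colon-separated MAC notation, the vlan and priority ranges, the function names and all sample values are assumptions.

```python
import re
# Grammar follows step 3 of Procedure 24-3. Assumptions (not from the page):
# MACs are colon-separated hex, vlan is 1-4094, priority is 0-7.
MAC = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")
OPTIONS = ("ethertype", "vlan", "priority", "assign-queue")
RANGES = {"vlan": (1, 4094), "priority": (0, 7)}

def parse_mac_rule(line):
    """Parse one 'access-list mac' rule line into a dict; raise ValueError if malformed."""
    tok = line.split()
    if len(tok) < 6 or tok[:2] != ["access-list", "mac"]:
        raise ValueError("not an 'access-list mac' rule")
    name, action, src, dst, *rest = tok[2:]
    if action not in ("deny", "permit"):
        raise ValueError(f"action must be deny or permit, got {action!r}")
    for label, addr in (("source", src), ("destination", dst)):
        if addr != "any" and not MAC.fullmatch(addr):
            raise ValueError(f"bad {label} MAC {addr!r}")
    if len(rest) % 2:
        raise ValueError(f"option {rest[-1]!r} has no value")
    rule = {"name": name, "action": action, "src": src, "dst": dst}
    for key, val in zip(rest[0::2], rest[1::2]):
        if key not in OPTIONS or key in rule:
            raise ValueError(f"unknown or repeated option {key!r}")
        if key in RANGES:
            lo, hi = RANGES[key]
            if not (val.isdigit() and lo <= int(val) <= hi):
                raise ValueError(f"{key} must be {lo}-{hi}, got {val!r}")
        rule[key] = val
    return rule

def lint(lines):
    """Return (line_number, message) findings for a candidate rule set."""
    findings = []
    for n, line in enumerate(lines, 1):
        try:
            rule = parse_mac_rule(line)
        except ValueError as err:
            findings.append((n, f"error: {err}"))
            continue
        broad = (rule["action"], rule["src"], rule["dst"]) == ("permit", "any", "any")
        if broad and not {"ethertype", "vlan"} & rule.keys():
            findings.append((n, "warning: permit any any without ethertype or vlan"))
    return findings

# Constructed sample rules (ACL name, addresses and values are made up).
SAMPLE = ["access-list mac mac1 deny 00:11:22:33:44:55 any vlan 300",
          "access-list mac mac1 permit any any ethertype 0x0800 assign-queue 2",
          "access-list mac mac1 permit any any",
          "access-list mac mac1 allow any any"]
```

Calling lint(SAMPLE) reports the unqualified permit on line 3 and the invalid action keyword on line 4; the first two rules pass.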