51-21
access-list 3110(used 1 time(s))
access-list 3110 deny 00-12-11-23-00-00 00-00-00-00-ff-ff
any-destination-mac
tcp 10.0.0.0 0.0.0.255 any-destination d-port 21
access-list 3110 deny any-source-mac 00-12-11-23-00-00 00-00-00-00-ff-ff icmp any-source 10.0.0.0
0.0.0.255
Switch #show access-group interface ethernet 1/0/10
interface name:Ethernet1/0/10
MAC-IP Ingress access-list used is 3110, traffic-statistics Disable.
Scenario 4:
The configuration requirement is stated as below: IPv6 protocol runs on the interface 600 of the switch. And
the IPv6 network address is 2003:1:1:1::0/64. Users in the 2003:1:1:1:66::0/80 subnet should be disabled
from accessing the outside network.
Configuration description:
1. Create the corresponding access list.
2. Configure datagram filting.
3. Bind the ACL to the related interface.
The configuration steps are listed as below.
Switch(config)#ipv6 access-list 600 permit 2003:1:1:1:66::0/80 any-destination
Switch(config)#ipv6 access-list 600 deny 2003:1:1:1::0/64 any-destination
Switch(config)#firewall enable
Switch(config)#firewall default permit
Switch(config)#interface ethernet 1/0/10
Switch(Config-If-Ethernet1/0/10)#ipv6 access-group 600 in
Switch(Config-If-Ethernet1/0/10)#exit
Switch(config)#exit
Configuration result:
Switch#show firewall
Firewall Status: Enable.
Switch#show ipv6 access-lists
Ipv6 access-list 600(used 1 time(s))
ipv6 access-list 600 deny 2003:1:1:1::0/64 any-source
ipv6 access-list 600 permit 2003:1:1:1:66::0/80 any-source
Switch #show access-group interface ethernet 1/0/10
interface name:Ethernet1/0/10
To Next Page
Loading...
