Configuration Guide Access Control List Configuration
Configuring IPv6-based Extended Access List
Configuring IPv6 Extended Access List
The configuration of an IPv6-based access list includes the following steps:
1. Define an IPv6 access list
2. Apply the access list to a specific interface (application particular case)
There is the following method to configure a basic access list. Run the following command in the ACL
configuration mode:
Ruijie(config)# ipv6 access-list name
Enter the access list configuration
mode
Ruijie (config-ipv6-nacl)# [sn]
{permit | deny }prot {src-ipv6-prefix/prefix-len |
host src-ipv6-addr | any}
{dst-ipv6-pfix/pfix-len | any | host
dst-ipv6-addr} [dscp dscp] [flow-label
flow-label] [time-range
tm-rng-name]
Add table entries for ACL. For details
about commands, please see
command reference.
Ruijie(config-exp-nacl)# exit
Ruijie(config)# interface interface
Exit from the access control list mode
and select the interface to which the
access list is to be applied.
Ruijie(config-if)# ipv6
traffic-filter name in
Apply the access list to the specific
interface
Showing Configuration of IPv6Extended Access List
To monitor access lists, please run the following command the in privileged user mode:
Ruijie# show access-lists [name]
This command can be used to view the basic access list.
IPv6 Extended Access List Example
It is required to implement the following security functions by configuring access lists:
The 192.168.4.12 host can access the gi 0/1 port of a device.
It cannot access other ports.
Ruijie> enable
Ruijie# config terminal
Ruijie(config)# ipv6 access-list v6-list
Ruijie(config-ipv6-nacl)# permit ipv6 ::192:68:4:12/24 any
To Next Page
Loading...
