Configuration Guide Configuring ACL
 Configure an IPv6 ACL.
 Add an ACE to the IPv6 ACL to prevent access to the video server.
 Add an ACE to the IPv6 ACL to permit all IPv6 packets.
 Apply the IPv6 ACL to the incoming direction of the interface connected to the R&D department.
sw1(config)#ipv6 access-list dev_deny_ipv6video
sw1(config-ipv6-nacl)#deny ipv6 any host 200::1
sw1(config-ipv6-nacl)#permit ipv6 any any
sw1(config-ipv6-nacl)#exit
sw1(config)#int gigabitEthernet 0/2
sw1(config-if-GigabitEthernet 0/2)# ipv6 traffic-filter dev_deny_ipv6video in
 On a PC of the R&D department, ping the video server. Verify that the ping operation fails.
sw1(config)#show access-lists
ipv6 access-list dev_deny_ipv6video
10 deny ipv6 any host 200::1
20 permit ipv6 any any
sw1(config)#show access-group
ipv6 traffic-filter dev_deny_ipv6video in
Applied On interface GigabitEthernet 0/2
11.4.5 Configuring a Security Channel
Configuration Effect
Configure a security channel to enable packets meeting the security channel rules to bypass the checks of access control
applications. Configure the security channel if an access control application (such as DOT1X) is enabled on an uplink
To Next Page
Loading...
Need help?
General
