Technical data
106 ServerIron ADX NAT64 Configuration Guide
53-1002444-02
Displaying IPv6 ACLs
6
DRAFT: BROCADE CONFIDENTIAL
ServerIronADX(config)# interface ethernet 3/1
ServerIronADX(config-if-e100-3/1)# ipv6 traffic-filter access1 in
This example applies the IPv6 ACL access1 to incoming IPv6 packets on Ethernet interface 3/1. As
a result, Ethernet interface 3/1 denies all incoming packets from the site-local prefix
fec0:0:0:2::/64 and the global prefix 2001:db8:100:1::/48 and permits all other incoming packets.
Syntax: ipv6 traffic-filter <ipv6-acl-name> in
For the <ipv6-acl-name> parameter, specify the name of an IPv6 ACL created using the ipv6
access-list command.
The in keyword applies the specified IPv6 ACL to incoming IPv6 packets on the interface.
Displaying IPv6 ACLs
To display the ACLs configured on a device, enter the show ipv6 access-list command.
Syntax: show ipv6 access-list [<access-list-name>]
Displaying IPv6 ACLs bound to an interface
To display the ACLs bound to an interface, enter the show access-list bindings command.
ServerIronADX# show access-list bindings
Access-list binding configuration:
!
interface ethernet 1
ipv6 traffic-filter ipv61 in
!
interface ethernet 2
ipv6 traffic-filter icmp_any in
!
ServerIronADX 1000#
ServerIronADX# show ipv6 access-list
ipv6 access-list v6-acl1: 1 entries
deny ipv6 any any
ipv6 access-list v6-acl2: 1 entries
permit ipv6 any any
ipv6 access-list v6-acl3: 2 entries
deny ipv6 2001:db8:aa:10::/64 any
permit ipv6 any any
ipv6 access-list v6-acl4: 2 entries
deny ipv6 2001:db8:aa::/64 any
permit ipv6 any any
ipv6 access-list v6-acl5: 6 entries
permit tcp 2001:db8:bb::/64 any
permit ipv6 2001:db8:bb::/64 any
permit ipv6 2001:db8:aa:101::/64 any
permit ipv6 2001:db8:aa:10::/64 2001:db8:aa:102::/64
permit ipv6 host 2001:db8:aa:10::102 host
2001:db8:aa:101::102
permit ipv6 any any fragments