1758 FastIron Configuration Guide
53-1002494-02
Configuring an IPv6 ACL
Follow the steps given below to configure an IPv6 ACL.
1. Create the ACL.
2. Enable IPv6 on the interface to which the ACL will be applied.
3. Apply the ACL to the interface.
Example IPv6 configurations
To configure an access list that blocks all Telnet traffic received on port 1/1 from IPv6 host 2000:2382:e0bb::2, enter the following commands.
Brocade(config)# ipv6 access-list fdry
Brocade(config-ipv6-access-list-fdry)# deny tcp host 2000:2382:e0bb::2 any eq telnet
Brocade(config-ipv6-access-list-fdry)# permit ipv6 any any
Brocade(config-ipv6-access-list-fdry)# exit
Brocade(config)# int eth 1/1
Brocade(config-if-1/1)# ipv6 enable
Brocade(config-if-1/1)# ipv6 traffic-filter fdry in
Brocade(config)# write memory
The following is another example of commands for configuring an ACL and applying it to an interface.
Brocade(config)# ipv6 access-list netw
Brocade(config-ipv6-access-list-netw)# permit icmp 2000:2383:e0bb::/64 2001:3782::/64
Brocade(config-ipv6-access-list-netw)# deny ipv6 host 2000:2383:e0ac::2 host 2000:2383:e0aa:0::24
Brocade(config-ipv6-access-list-netw)# deny udp any any
Brocade(config-ipv6-access-list-netw)# permit ipv6 any any
The first condition permits ICMP traffic from hosts in the 2000:2383:e0bb::x network to hosts in the 2001:3782::x network.
The second condition denies all IPv6 traffic from host 2000:2383:e0ac::2 to host 2000:2383:e0aa:0::24.
The third condition denies all UDP traffic.
The fourth condition permits all packets that are not explicitly denied by the other entries. Without this entry, the ACL would deny all incoming IPv6 traffic on the ports to which you assigned the ACL.
The following commands apply the ACL "netw" to the incoming traffic on port 1/2 and to the incoming traffic on port 4/3.
Brocade(config)# int eth 1/2
Brocade(config-if-1/2)# ipv6 enable
Brocade(config-if-1/2)# ipv6 traffic-filter netw in
Brocade(config-if-1/2)# exit
Brocade(config)# int eth 4/3
Brocade(config-if-4/3)# ipv6 enable
Brocade(config-if-4/3)# ipv6 traffic-filter netw in
Brocade(config)# write memory