R2511-HP MSR Router Series ACL and QoS Configuration Guide(V5)
16
[DeviceA-acl6-adv-3000] quit
# Enable IPv6 firewall, and apply IPv6 advanced ACL 3000 to filter outgoing packets on interface
Ethernet 1/1.
[DeviceA] firewall ipv6 enable
[DeviceA] interface ethernet 1/1
[DeviceA-Ethernet1/1] firewall packet-filter ipv6 3000 outbound
[DeviceA-Ethernet1/1] quit
Verifying the configuration
# Ping the database server from a PC in the Financial department during working hours. (All PCs in this
example use Windows XP.)
C:\> ping 1000::100
Pinging 1000::100 with 32 bytes of data:
Reply from 1000::100: time<1ms
Reply from 1000::100: time<1ms
Reply from 1000::100: time<1ms
Reply from 1000::100: time<1ms
Ping statistics for 1000::100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
The output shows that the database server can be pinged.
# Ping the database server from a PC in the Marketing department during working hours.
C:\> ping 1000::100
Pinging 1000::100 with 32 bytes of data:
Destination net unreachable.
Destination net unreachable.
Destination net unreachable.
Destination net unreachable.
Ping statistics for 1000::100:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
The output shows the database server cannot be pinged.
# Display configuration and match statistics for IPv6 advanced ACL 3000 on Device A during working
hours.
[DeviceA] display acl ipv6 3000
Advanced IPv6 ACL 3000, named -none-, 3 rules,
ACL's step is 5
rule 0 permit ipv6 source 1001::/16 destination 1000::100/128
rule 5 permit ipv6 source 1002::/16 destination 1000::100/128 time-range work (4 times
matched) (Active)
rule 10 deny ipv6 destination 1000::100/128 (4 times matched)