Applying an IPv6 ACL to an interface, Adding TCP flags to an IPv6 ACL entry – Brocade BigIron RX Series Configuration Guide User Manual

BigIron RX Series Configuration Guide

53-1002484-04

router-solicitation

sequence

time-exceeded

unreachable

NOTE

If you do not specify a message type, the ACL applies to all ICMP message types.

Applying an IPv6 ACL to an interface

To apply an IPv6 ACL, for example “access1”, to an interface, enter commands such as the
following.

BigIron RX(config)# interface ethernet 3/1

BigIron RX(config-if-e100-3/1)# ipv6 traffic-filter access1 in

This example applies the IPv6 ACL “access1” to incoming IPv6 packets on Ethernet interface 3/1.
As a result, Ethernet interface 3/1 denies all incoming packets from the site-local prefix
fec0:0:0:2::/64 and the global prefix 2001:100:1::/48 and permits all other incoming packets.

Syntax: ipv6 traffic-filter <ipv6-acl-name> in

For the <ipv6-acl-name> parameter, specify the name of an IPv6 ACL created using the ipv6
access-list command.

The in keyword applies the specified IPv6 ACL to incoming IPv6 packets on the interface.

Adding TCP flags to an IPv6 ACL entry

You can add TCP flags to entries in an IPv6 ACL. The TCP flags appear in the output of show
commands that display ACL information.

Enter match-all <tcp-flags> if all of the flags you specify must match in a TCP session.
Use match-any <tcp-flag> if a match on any one of the flags is sufficient. You can enter more than
one TCP flag. Separate the flags with spaces, and prefix each flag with + or - to indicate whether
the matching condition requires the bit to be set to 1 (+) or 0 (-).

This example applies the TCP flags to allow TCP packets only if the TCP flags SYN and ACK are set
and the FIN flag is not set.

BigIron RX> enable

BigIron RX# configure terminal

BigIron RX(config)# ipv6 access-list fdry

BigIron RX(config-ipv6-access-list fdry)# permit tcp any any match-all +ack +syn

BigIron RX(config-ipv6-access-list fdry)# permit tcp any any match-any -urg +syn -psh

BigIron RX(config-ipv6-access-list fdry)# end
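
The following added example (not from the Brocade guide) models the match-all / match-any semantics described above in Python, so the flag conditions of an ACL entry can be checked against sample flag combinations before the entry is applied. The bit values are the standard TCP header flag bits; the keyword names fin and rst, the function names and the sample segments are assumptions of this sketch, which models the documented semantics rather than the device's implementation.

```python
# Standard TCP header flag bits. Keyword names follow the page's ack/syn/urg/psh;
# "fin" and "rst" are assumed to follow the same pattern.
FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
             "psh": 0x08, "ack": 0x10, "urg": 0x20}


def parse_spec(spec):
    """Parse e.g. 'match-all +ack +syn' into (mode, [(bit, must_be_set), ...])."""
    mode, *terms = spec.split()
    if mode not in ("match-all", "match-any") or not terms:
        raise ValueError(f"bad flag spec: {spec!r}")
    conditions = []
    for term in terms:
        sign, name = term[0], term[1:].lower()
        if sign not in ("+", "-") or name not in FLAG_BITS:
            raise ValueError(f"bad flag term: {term!r}")
        conditions.append((FLAG_BITS[name], sign == "+"))
    return mode, conditions


def matches(spec, flags):
    """True if a TCP segment with this flags byte satisfies the spec."""
    mode, conditions = parse_spec(spec)
    results = [bool(flags & bit) == must_be_set for bit, must_be_set in conditions]
    return all(results) if mode == "match-all" else any(results)


def flags_byte(*names):
    """Build a flags byte from flag names (constructed sample input)."""
    value = 0
    for name in names:
        value |= FLAG_BITS[name]
    return value


def coverage(spec):
    """Number of the 64 possible six-flag combinations the spec matches."""
    return sum(matches(spec, flags) for flags in range(64))


if __name__ == "__main__":
    for spec in ("match-all +ack +syn", "match-any -urg +syn -psh"):
        print(f"{spec}: matches {coverage(spec)} of 64 flag combinations")
        for sample in (("syn",), ("syn", "ack"), ("syn", "ack", "fin"),
                       ("ack",), ("urg", "psh", "ack")):
            print(f"  {'+'.join(sample):12} -> {matches(spec, flags_byte(*sample))}")
```

In this model the match-all entry matches a SYN+ACK segment whether or not FIN is also set, because FIN is not named in the condition. The match-any entry matches 56 of the 64 flag combinations, because a single cleared URG or PSH bit is enough to satisfy it.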