Applying an IPv6 ACL to an interface, Displaying ACLs – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual


Brocade Virtual ADX Security Guide

53-1003250-01

IPv6 ACL overview

Applying an IPv6 ACL to an interface

To apply an IPv6 ACL to an interface, enter commands such as the following:

Virtual ADX(config)#interface ethernet 3/1

Virtual ADX(config-if-e1000-3/1)#ipv6 traffic-filter access1 in

This example applies the IPv6 ACL access1 to incoming IPv6 packets on Ethernet interface 3/1. As
a result, Ethernet interface 3/1 denies all incoming packets from the site-local prefix
fd00:0:0:2::/64 and the global prefix 2001:db8:100:1::/48 and permits all other incoming
packets.

Syntax: ipv6 traffic-filter ipv6-acl-name in

For the ipv6-acl-name variable, specify the name of an IPv6 ACL created using the ipv6 access-list
command.

The in keyword applies the specified IPv6 ACL to incoming IPv6 packets on the interface.

Displaying ACLs

To display the ACLs configured on a device, enter the show ipv6 access-list command. Here is an
example:

TABLE 3 Syntax descriptions (Continued)

Argument: host
Description: Allows you to specify a host IPv6 address. When you use this parameter, you
do not need to specify the prefix length. A prefix length of 128 is implied.

Argument: tcp-udp-operator
Description: The tcp-udp-operator variable can be one of the following:
  eq – The policy applies to the TCP or UDP port name or number you enter
  after eq.
  gt – The policy applies to TCP or UDP port numbers greater than the port
  number or the numeric equivalent of the port name you enter after gt. Enter
  "?" to list the port names.
  lt – The policy applies to TCP or UDP port numbers that are less than the
  port number or the numeric equivalent of the port name you enter after lt.
  neq – The policy applies to all TCP or UDP port numbers except the port
  number or port name you enter after neq.
  range – The policy applies to all TCP port numbers that are between the first
  TCP or UDP port name or number and the second one you enter following
  the range parameter. The range includes the port names or numbers you
  enter. For example, to apply the policy to all ports between and including 23
  (Telnet) and 53 (DNS), enter the following: range 23 53. The first port
  number in the range must be lower than the last number in the range.
The source-port number and destination-port-number for the
tcp-udp-operator is the number of the port.
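The following Python model is an added example, not part of the Brocade guide or of the device software. It reproduces the access1 behavior described for Ethernet interface 3/1 and the tcp-udp-operator rules above so that a planned ACL can be checked offline. The rule list, the function names and the fallback deny are assumptions made for this sketch.

```python
import ipaddress

# Model of access1 built from the prose description above (assumption: two
# source-prefix deny entries followed by a permit for all other packets).
ACCESS1 = [
    ("deny", "fd00:0:0:2::/64"),
    ("deny", "2001:db8:100:1::/48"),
    ("permit", "::/0"),
]

def host(addr):
    """'host' keyword: no prefix length is given, 128 is implied."""
    return ipaddress.ip_network(addr + "/128")

def acl_action(acl, src):
    """Return the action of the first entry whose prefix contains src."""
    ip = ipaddress.ip_address(src)
    for action, prefix in acl:
        # strict=False masks bits beyond the prefix length, so this model
        # evaluates the /48 entry as 2001:db8:100::/48 (modelling assumption).
        if ip in ipaddress.ip_network(prefix, strict=False):
            return action
    return "deny"  # assumption: a packet matching no entry is dropped

def port_matches(op, port, first, last=None):
    """Evaluate one tcp-udp-operator against a numeric port."""
    if op == "eq":
        return port == first
    if op == "gt":
        return port > first
    if op == "lt":
        return port < first
    if op == "neq":
        return port != first
    if op == "range":
        if last is None or first >= last:
            raise ValueError("first port in range must be lower than last")
        return first <= port <= last  # both end points are included
    raise ValueError("unknown operator: " + op)

if __name__ == "__main__":
    # Constructed sample source addresses, not taken from the guide.
    for src in ("fd00:0:0:2::10", "2001:db8:100:ffff::1", "2001:db8:200::1"):
        print(src, acl_action(ACCESS1, src))
    print("range 23 53 matches port 53:", port_matches("range", 53, 23, 53))
```

Note that the /48 entry covers every address under 2001:db8:100::/48 in this model, not only the 2001:db8:100:1::/64 subnet.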
