Displaying acls bound to an interface, Using an acl to restrict ssh access – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual

Brocade Virtual ADX Security Guide

53-1003250-01

Virtual ADX#show ipv6 access-list
ipv6 access-list v6-acl1: 1 entries
    deny ipv6 any any
ipv6 access-list v6-acl2: 1 entries
    permit ipv6 any any
ipv6 access-list v6-acl3: 2 entries
    deny ipv6 2001:db8:aa:10::/64 any
    permit ipv6 any any
ipv6 access-list v6-acl4: 2 entries
    deny ipv6 2001:db8:aa::/64 any
    permit ipv6 any any
ipv6 access-list v6-acl5: 6 entries
    permit tcp 2001:db8:bb::/64 any
    permit ipv6 2001:db8:bb::/64 any
    permit ipv6 2001:db8:aa:101::/64 any
    permit ipv6 2001:db8:aa:10::/64 2001:db8:aa:102::/64
    permit ipv6 host 2001:db8:aa:10::102 host 2001:db8:aa:101::102
    permit ipv6 any any fragments

Syntax: show ipv6 access-list [access-list-name]

Displaying ACLs bound to an interface

To display ACLs bound to an interface, enter the show access-list bindings command. Here is an example:

Virtual ADX#show access-list bindings
Access-list binding configuration:
!
interface ethernet 1
 ipv6 traffic-filter ipv61 in
!
interface ethernet 2
 ipv6 traffic-filter icmp_any in
!

Syntax: show access-list bindings

Using an ACL to restrict SSH access

To configure an ACL that restricts SSH access to an IPv6 device, first create the named ACL with the ACL statements. Then use the ssh access-group command to restrict SSH access for IPv6:

Virtual ADX(config)#ipv6 access-list test2
Virtual ADX(config-ipv6-access-list test2)#deny ipv6 host 2001:db8:1::1 any
Virtual ADX(config-ipv6-access-list test2)#permit ipv6 2001:db8:1::0/32 any
Virtual ADX(config-ipv6-access-list test2)#permit ipv6 2001:db8:2::0/32 any
Virtual ADX(config-ipv6-access-list test2)#permit ipv6 host 2001:db8:3::1 any
Virtual ADX(config-ipv6-access-list test2)#exit
Virtual ADX(config)#ssh access-group ipv6 test2

Syntax: [no] ssh access-group ipv6 acl-name
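The test2 ACL above checked offline against sample SSH client addresses, as an added example that is not from the Brocade manual. It assumes first-match evaluation with an implicit deny when no entry matches, and that the device applies the prefix length as a mask (as Python's ipaddress does with strict=False); the function names are hypothetical.

```python
import ipaddress

# Entries copied from the test2 ACL on this page.
TEST2 = """\
deny ipv6 host 2001:db8:1::1 any
permit ipv6 2001:db8:1::0/32 any
permit ipv6 2001:db8:2::0/32 any
permit ipv6 host 2001:db8:3::1 any
"""

def parse_acl(text):
    """Parse 'ACTION ipv6 SOURCE any' entries into (action, source network)."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if len(tok) < 4 or tok[0] not in ("permit", "deny") \
                or tok[1] != "ipv6" or tok[-1] != "any":
            raise ValueError("unsupported entry: " + line)
        src = tok[2:-1]
        if src == ["any"]:
            net = ipaddress.ip_network("::/0")
        elif len(src) == 2 and src[0] == "host":
            net = ipaddress.ip_network(src[1] + "/128")
        elif len(src) == 1:
            # Assumption: the prefix length acts as a mask, host bits are ignored.
            net = ipaddress.ip_network(src[0], strict=False)
        else:
            raise ValueError("unsupported source: " + line)
        rules.append((tok[0], net))
    return rules

def evaluate(rules, client):
    """Return (action, 1-based entry number); first matching entry wins."""
    addr = ipaddress.ip_address(client)
    for n, (action, net) in enumerate(rules, 1):
        if addr in net:
            return action, n
    return "deny", None  # Assumption: implicit deny when no entry matches.

def shadowed(rules):
    """Entry numbers that can never match: an earlier entry covers the source."""
    return [n for n, (_, net) in enumerate(rules, 1)
            if any(net.subnet_of(prev) for _, prev in rules[:n - 1])]

if __name__ == "__main__":
    acl = parse_acl(TEST2)
    for client in ("2001:db8:1::1", "2001:db8:1::2", "2001:db9::1"):
        print(client, evaluate(acl, client))
    print("shadowed entries:", shadowed(acl))
```

Under the masking assumption both /32 sources reduce to 2001:db8::/32, so entries 3 and 4 are reported as shadowed by entry 2.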
