Acl example 3, Vlan maps – Blade ICE RACKSWITCH G8124-E User Manual


BLADEOS 6.5.2 Application Guide

82 Chapter 5: Access Control Lists

BMD00220, October 2010

ACL Example 3

Use this configuration to block traffic from a specific IPv6 source address. All traffic that ingresses
on port 2 with a source IP address in 2001:0:0:5:0:0:0:2/128 is denied.

1. Configure an Access Control List.

   RS G8124(config)# access-control list6 3 ipv6 source-address 2001:0:0:5:0:0:0:2 128
   RS G8124(config)# access-control list6 3 action deny

2. Add ACL 2 to port EXT2.

   RS G8124(config)# interface port 2
   RS G8124(config-if)# access-control list6 3
   RS G8124(config-if)# exit

VLAN Maps

A VLAN map (VMAP) is an ACL that can be assigned to a VLAN or VM group rather than to a
switch port as with regular ACLs. This is particularly useful in a virtualized environment where
traffic filtering and metering policies must follow virtual machines (VMs) as they migrate between
hypervisors.

Note – VLAN maps for VM groups are not supported simultaneously on the same ports as vNICs
(see “Virtual NICs” on page 153).

The G8124 supports up to 127 VMAPs when the switch is operating in the default deployment
mode (see “Deployment Profiles” on page 147). VMAP menus and commands are not available in
the Routing deployment mode.

Individual VMAP filters are configured in the same fashion as regular ACLs, except that VLANs
cannot be specified as a filtering criterion (unnecessary, since VMAPs are assigned to a specific
VLAN or associated with a VM group VLAN).
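The match performed by ACL Example 3 can be checked offline before the rule is applied. The following Python model is an added example, not part of the manual: the class and function names are illustrative, the packets are constructed, and it assumes that traffic matching no ACL is forwarded normally.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Acl6Rule:
    """Model of one IPv6 ACL entry bound to an ingress port (illustrative names)."""
    port: int
    source: ipaddress.IPv6Network
    action: str  # "deny" or "permit"

# The rule from ACL Example 3: source 2001:0:0:5:0:0:0:2, prefix length 128,
# action deny, applied to port 2.
RULE = Acl6Rule(port=2,
                source=ipaddress.IPv6Network("2001:0:0:5:0:0:0:2/128"),
                action="deny")

def evaluate(rule, ingress_port, src):
    """Return the rule's action if the packet matches, otherwise 'permit'.

    Assumption: traffic that matches no ACL is forwarded normally.
    """
    addr = ipaddress.IPv6Address(src)  # normalises any textual form of the address
    if ingress_port == rule.port and addr in rule.source:
        return rule.action
    return "permit"

def audit(rule, packets):
    """Map each (ingress port, source address) pair to the resulting action."""
    return {(port, src): evaluate(rule, port, src) for port, src in packets}

# Constructed test traffic, not captured from a real switch.
SAMPLE_PACKETS = [
    (2, "2001:0:0:5:0:0:0:2"),                       # form used in the CLI
    (2, "2001:0:0:5::2"),                            # compressed form, same address
    (2, "2001:0000:0000:0005:0000:0000:0000:0002"),  # fully expanded form
    (2, "2001:0:0:5::3"),                            # neighbour in the same /64
    (1, "2001:0:0:5::2"),                            # same source, other ingress port
]

if __name__ == "__main__":
    for (port, src), action in audit(RULE, SAMPLE_PACKETS).items():
        print(f"port {port}  {src:<42} {action}")
```

A prefix length of 128 matches one address only, and the rule acts only on the port it is bound to; filtering a whole subnet needs a shorter prefix length in the rule.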
