25 time-range, 3 acl example, Xample – Accton Technology ES4626 User Manual

772

length of the IPv6 address prefix, the valid range is 1～128. <sIPv6Addr> is the source

IPv6 address.

Command Mode:

Standard IPv6 nomenclature access list mode

Default:

No access list configured by default.

Usage Guide:

Example:

Permit packets with source address of 2001:1:2:3::1/64 while denying those

with source address of 2001:1:2:3::1/48.

Switch(Config)# ipv6 access-list standard ipv6Flow

Switch(Config-Std-Nacl-ipv6Flow)# permit 2001:1:2:3::1/64

Switch(Config-Std-Nacl-ipv6Flow)# deny 2001:1:2:3::1/48

18.2.2.25 time-range

Command:[no] time-range <time_range_name>

Functions:

Create the name of time-range as time range name, enter the time-range

mode at the same time.

Parameters:time_range_name

,time range name must start with letter, and the length

cannot exceed 16-character long.

Command Mode:

Global mode

Default:

No time-range configuration

Guide:

Examples:

Reate a time-range named dc timer.

Switch(config)#Time-range dc_ti

18.3 ACL Example

Scenario:

The user has the following configuration requirement: port 1/10 of the switch connects to

10.0.0.0/24 segment, ftp is not desired for the user.

Configuration description:

a) Create a proper ACL

b) Configuring packet filtering function

c) Bind the ACL to the port

The configuration steps are listed below:

Switch(Config)#access-list 110 deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21

Switch(Config)#firewall enable

Switch(Config)#firewall default permit

Switch(Config)#interface ethernet 1/10