Dell POWEREDGE M1000E User Manual

Page 420

Advertising
background image

2-390

Cisco Catalyst Blade Switch 3130 and 3032 for Dell Command Reference

OL-13271-03

Chapter 2 Cisco Catalyst Blade Switch 3130 and 3032 for Dell Cisco IOS Commands

permit (IPv6 access-list configuration)

Examples

This example configures two IPv6 access lists named OUTBOUND and INBOUND and applies both
access lists to outbound and inbound traffic on a Layer 3 interface. The first and second permit entries
in the OUTBOUND list permit all TCP and UDP packets from network 2001:ODB8:0300:0201::/64 to
leave the interface. The deny entry in the OUTBOUND list prevents all packets from the network
FE80:0:0:0201::/64 (packets that have the link-local prefix FE80:0:0:0201 as the first 64 bits of their
source IPv6 address) from leaving the interface. The third permit entry in the OUTBOUND list permits
all ICMP packets to leave the interface.

The permit entry in the INBOUND list permits all ICMP packets to enter the interface.

Switch(config)#ipv6 access-list OUTBOUND

Switch(config-ipv6-acl)# permit tcp 2001:0DB8:0300:0201::/64 any

Switch(config-ipv6-acl)# permit udp 2001:0DB8:0300:0201::/64 any

Switch(config-ipv6-acl)# deny FE80:0:0:0201::/64 any

Switch(config-ipv6-acl)# permit icmp any any

Switch(config-ipv6-acl)# exit

Switch(config)#ipv6 access-list INBOUND

Switch(config-ipv6-acl)# permit icmp any any

Switch(config-ipv6-acl)# exit

Switch(config)# interface gigabitethernet1/0/3

Switch(config-if)# no switchport

Switch(config-if)# ipv6 address 2001::/64 eui-64

Switch(config-if)# ipv6 traffic-filter OUTBOUND out

Switch(config-if)# ipv6 traffic-filter INBOUND in

Note

Given that a permit any any statement is not included as the last entry in the OUTBOUND or the
INBOUND access list, only TCP, UDP, and ICMP packets are permitted out of and into the interface (the
implicit deny-all condition at the end of the access list denies all other packet types on the interface).

Related Commands

parameter-problem

port-unreachable

reassembly-timeout

renum-command

renum-result

renum-seq-number

router-advertisement

router-renumbering

router-solicitation

time-exceeded

unreachable

Command

Description

ipv6 access-list

Defines an IPv6 access list and enters IPv6 access list configuration mode.

ipv6 traffic-filter

Filters incoming or outgoing IPv6 traffic on an interface.

deny (IPv6 access-list
configuration)

Sets deny conditions for an IPv6 access list.

show ipv6 access-list

Displays the contents of all current IPv6 access lists.

Advertising
Popular Brands
Popular manuals