Syntax for applying an ipv6 acl, Applying an ipv6 acl to a trunk group, Adding a comment to an ipv6 acl entry – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual
• Gbps Ethernet ports
• 10 Gbps Ethernet ports
• Trunk groups
• Virtual routing interfaces
To apply an IPv6 ACL to an interface, enter commands such as the following.
device(config)#interface ethernet 3/1
device(config-if-e100-3/1)#ipv6 traffic-filter access1 in
This example applies the IPv6 ACL "access1" to incoming IPv6 packets on Ethernet interface 3/1. As a
result, Ethernet interface 3/1 denies all incoming packets from the site-local prefix 2001:DB8:0:2::/64
and the global prefix 2001:DB8:1::/48 and permits all other incoming packets.
Syntax for applying an IPv6 ACL
NOTE
The ipv6 traffic-filter ipv6-ACL-name in command is supported on FCX, ICX 6610, ICX 6430, ICX 6450,
ICX 6650, and ICX 7750 devices only. The command is not supported on FSX and FLS devices.
Syntax: ipv6 traffic-filter ipv6-ACL-name { in | out }
For the ipv6-ACL-name parameter, specify the name of an IPv6 ACL created using the
ipv6 access-list command.
The in keyword applies the specified IPv6 ACL to incoming IPv6 packets on the interface.
The out keyword applies the specified IPv6 ACL to outgoing IPv6 packets on the interface.
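An added example (not from the Brocade guide): a Python check that reads a saved configuration and verifies that every ipv6 traffic-filter binding names an ACL defined with ipv6 access-list and uses in or out. The sample configuration, its running-config layout, and the function name audit are constructed assumptions.

```python
import re

# Constructed sample in an assumed running-config layout (not device output).
# 3/2 references a misspelled ACL name; 3/3 uses an unsupported direction.
SAMPLE_CONFIG = """\
ipv6 access-list access1
 deny ipv6 2001:DB8:0:2::/64 any
 deny ipv6 2001:DB8:1::/48 any
 permit ipv6 any any
!
interface ethernet 3/1
 ipv6 traffic-filter access1 in
!
interface ethernet 3/2
 ipv6 traffic-filter acess1 in
!
interface ethernet 3/3
 ipv6 traffic-filter access1 both
!
"""

ACL_DEF = re.compile(r"^ipv6 access-list (\S+)\s*$")
IFACE = re.compile(r"^interface (.+?)\s*$")
FILTER = re.compile(r"^\s+ipv6 traffic-filter (\S+)(?:\s+(\S+))?\s*$")

def audit(config):
    """Return (bindings, findings) for ipv6 traffic-filter lines in config."""
    defined, bindings, findings = set(), [], []
    iface = None
    for line in config.splitlines():
        if m := ACL_DEF.match(line):
            defined.add(m.group(1))
            iface = None
        elif m := IFACE.match(line):
            iface = m.group(1)
        elif line.startswith("!"):
            iface = None          # "!" closes the current stanza
        elif (m := FILTER.match(line)) and iface:
            bindings.append((iface, m.group(1), m.group(2)))
    # Check after the full pass so ACLs defined later in the file still count.
    for iface, acl, direction in bindings:
        if direction not in ("in", "out"):
            findings.append((iface, f"invalid direction {direction!r}"))
        if acl not in defined:
            findings.append((iface, f"ACL {acl!r} is not defined"))
    return bindings, findings

if __name__ == "__main__":
    for iface, problem in audit(SAMPLE_CONFIG)[1]:
        print(f"{iface}: {problem}")
```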
Applying an IPv6 ACL to a trunk group
When applying an IPv6 ACL to a trunk group, apply it to the primary port of the trunk, as described
under "Applying an IPv6 ACL to an interface" on page 164. IPv6 ACLs cannot be applied to secondary
ports. When an IPv6 ACL is applied to a primary port in a trunk, it filters the traffic on the secondary
ports of the trunk as well as the traffic on the primary port.
Applying an IPv6 ACL to a virtual interface in a protocol-based or
subnet-based VLAN
As with IPv4 ACLs, by default, when you apply an IPv6 ACL to a virtual interface in a protocol-based or
subnet-based VLAN, the ACL takes effect on all protocol or subnet VLANs to which the untagged port
belongs. To prevent the Brocade device from denying packets on other virtual interfaces that do not
have an ACL applied, configure an ACL that permits packets in the IP subnet of the virtual interface in
all protocol-based or subnet-based VLANs to which the untagged port belongs.
Adding a comment to an IPv6 ACL entry
You can optionally add a comment to describe entries in an IPv6 ACL. The comment appears in the
output of show commands that display ACL information.
FastIron Ethernet Switch Security Configuration Guide
53-1003088-03