beautypg.com

Using ipv6 acls as input to other features, Configuring an ipv6 acl, Using ipv6 acls as input to other features1 – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Page 194

background image

176

Multi-Service IronWare Security Configuration Guide

53-1003035-02

Using IPv6 ACLs as input to other features

4

remark-entry sequence 7 permit all ipv6 traffic for 1::3

remark-entry sequence 9 deny udp traffic for 1::2

deny udp host 1::2 any sequence 9

remark-entry sequence 10 permit all ipv6 traffic for 1::1

permit ipv6 host 1::1 any

remark allow only sctp traffic for 1::10

permit sctp host 1::10 any sequence 12

remark-entry sequence 15 deny all tcp traffic for 1::9

remark-entry sequence 17 deny tcp traffic for 1::2

deny tcp host 1::2 any sequence 17

remark-entry sequence 23 allow rest of the ipv6 traffic for 1::2

permit ipv6 host 1::2 any sequence 23

remark-entry sequence 28 permit all ipv6 traffic for 1::9

remark unused default comment

When suppress-acl-seq is turned ON, the running-config display for IPv6 ACL “ip6_” is:

ipv6 access-list ip6_

remark allow only udp traffic from 1::5

permit udp host 1::5 any

remark deny udp traffic for 1::2

deny udp host 1::2 any

remark permit all ipv6 traffic for 1::1

permit ipv6 host 1::1 any

remark allow only sctp traffic for 1::10

permit sctp host 1::10 any

remark deny tcp traffic for 1::2

deny tcp host 1::2 any

remark allow rest of the ipv6 traffic for 1::2

permit ipv6 host 1::2 any

remark unused default comment

When suppress-acl-seq is ON, the system hides unused remark-entry statements and displays
used remark-entry statements as remark statements.

Syntax: [no] suppress-acl-seq

The no version of this command turns suppress-acl-seq OFF.

Using IPv6 ACLs as input to other features

You can use an IPv6 ACL to provide input to other features such as route maps and distribution
lists. When you use an ACL this way, permit statements in the ACL specify traffic that you want to
send to the other feature. If you use deny statements, the traffic specified by the deny statements
is not supplied to the other feature.

Configuring an IPv6 ACL

To configure an IPv6 ACL, you must perform the following tasks:

Create the ACL.

Apply the ACL to a Brocade device interface.

The following configuration tasks are optional:

Re-sequence the ACL table

See also other documents in the category Brocade Computer Accessories: