Example configurations – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Multi-Service IronWare Security Configuration Guide, page 177 (53-1003035-02)
Chapter 4: Configuring an IPv6 ACL
Control access to and from a Brocade device.

Example configurations

To configure an access list that blocks all Telnet traffic received on port 1/1 from IPv6 host
2000:2382:e0bb::2, enter the following commands.

    Brocade(config)# ipv6 access-list fdry
    Brocade(config-ipv6-access-list-fdry)# deny tcp host 2000:2382:e0bb::2 any eq telnet
    Brocade(config-ipv6-access-list-fdry)# permit ipv6 any any
    Brocade(config-ipv6-access-list-fdry)# exit
    Brocade(config)# int eth 1/1
    Brocade(config-if-1/1)# ipv6 traffic-filter fdry in
    Brocade(config)# write memory

Here is another example of how to configure an ACL and apply it to an interface.

    Brocade(config)# ipv6 access-list netw
    Brocade(config-ipv6-access-list-netw)# permit icmp 2000:2383:e0bb::/64 2001:3782::/64
    Brocade(config-ipv6-access-list-netw)# deny ipv6 host 2000:2383:e0ac::2 host 2000:2383:e0aa:0::24
    Brocade(config-ipv6-access-list-netw)# deny udp any any
    Brocade(config-ipv6-access-list-netw)# permit ipv6 any any

The first condition permits ICMP traffic from hosts in the 2000:2383:e0bb::x network to hosts in
the 2001:3782::x network.

The second condition denies all IPv6 traffic from host 2000:2383:e0ac::2 to host
2000:2383:e0aa:0::24.

The third condition denies all UDP traffic.

The fourth condition permits all packets that are not explicitly denied by the other entries. Without
this entry, the ACL denies all incoming or outgoing IPv6 traffic on the ports to which the ACL is
assigned.

The commands in the next example apply the ACL “netw” to the incoming and outgoing traffic on
port 1/2 and to the incoming traffic on port 4/3.

    Brocade(config)# int eth 1/2
    Brocade(config-if-1/2)# ipv6 traffic-filter netw in
    Brocade(config-if-1/2)# ipv6 traffic-filter netw out
    Brocade(config-if-1/2)# exit
    Brocade(config)# int eth 4/3
    Brocade(config-if-4/3)# ipv6 traffic-filter netw in
    Brocade(config)# write memory

Here is another example of an ACL.
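As an added illustration that is not part of the Brocade guide, the following Python evaluates a packet against the "fdry" and "netw" ACLs above with the ordered, first-match, implicit-deny semantics the text describes, which makes visible why dropping the final `permit ipv6 any any` entry denies everything else. It understands only the entry syntax used on this page, and the packet addresses used to exercise it are constructed.

```python
import ipaddress

# Added example (not the guide's own code): a minimal first-match evaluator for
# the IPv6 ACL syntax on this page: permit/deny, a protocol ('ipv6' = any
# protocol), 'any' / 'host X' / 'prefix/len', and an optional 'eq <port>' that
# is assumed to qualify the destination port.
PORT_NAMES = {"telnet": 23, "ssh": 22, "http": 80, "https": 443}

# The two ACLs from the page, copied from the configuration lines.
FDRY_ACL = [
    "deny tcp host 2000:2382:e0bb::2 any eq telnet",
    "permit ipv6 any any",
]
NETW_ACL = [
    "permit icmp 2000:2383:e0bb::/64 2001:3782::/64",
    "deny ipv6 host 2000:2383:e0ac::2 host 2000:2383:e0aa:0::24",
    "deny udp any any",
    "permit ipv6 any any",
]

def _take_addr(tokens):
    """Consume one address spec from the token list; return (network, remaining)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("::/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/128"), tokens[2:]
    return ipaddress.ip_network(tokens[0], strict=False), tokens[1:]

def parse_entry(line):
    """Turn one ACL entry into its match fields."""
    action, proto, *rest = line.split()
    src, rest = _take_addr(rest)
    dst, rest = _take_addr(rest)
    dport = None
    if rest[:1] == ["eq"]:  # destination port qualifier, by name or number
        dport = PORT_NAMES.get(rest[1]) or int(rest[1])
    return {"action": action, "proto": proto, "src": src, "dst": dst, "dport": dport}

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, entry_number). Entries are tried top to bottom and the
    first match wins; a packet matching nothing hits the implicit deny (None)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, line in enumerate(acl, 1):
        e = parse_entry(line)
        if e["proto"] not in ("ipv6", proto) or s not in e["src"] or d not in e["dst"]:
            continue
        if e["dport"] is not None and e["dport"] != dport:
            continue
        return e["action"], number
    return "deny", None
```

Running `evaluate(NETW_ACL[:3], "tcp", "2001:db8::1", "2001:db8::2")` returns the implicit deny, which is the behaviour the fourth condition exists to avoid.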