Reapplying modified ipv6 acls, Applying an ipv6 acl to a vrf interface – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


53-1003035-02

Applying an IPv6 ACL

Brocade(config)# interface ethernet 3/1

Brocade(config-if-e100-3/1)# ipv6 traffic-filter access1 in

This example applies the IPv6 ACL “access1” to incoming IPv6 packets on Ethernet interface 3/1.
As a result, Ethernet interface 3/1 denies all incoming packets from the site-local prefix
fec0:0:0:2::/64 and the global prefix 2001:100:1::/48 and permits all other incoming packets.

Syntax: [no] ipv6 traffic-filter ipv6-acl-name in | out

For the ipv6-acl-name parameter, specify the name of an IPv6 ACL created using the ipv6
access-list command.

The in keyword applies the specified IPv6 ACL to incoming IPv6 packets on the Brocade device
interface.

The out keyword applies the specified IPv6 ACL to outgoing IPv6 packets on the Brocade device
interface.
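
The binding syntax above refers to an ACL by name only, so a mistyped name in an ipv6 traffic-filter line is easy to miss in review. The following is an added example, not part of the Brocade manual: a Python check that reads a saved configuration and lists interface bindings whose ACL name has no matching ipv6 access-list definition, plus ACLs that are defined but never applied. The sample configuration, the ACL named mgmt-only, and the layout of the ACL entry lines are constructed assumptions.

```python
import re

# Constructed sample config (not from the manual). The ACL entry lines are an
# assumed layout and are ignored by the parser; "acess1" is a deliberate typo.
SAMPLE_CONFIG = """\
ipv6 access-list access1
 deny ipv6 fec0:0:0:2::/64 any
 deny ipv6 2001:100:1::/48 any
 permit ipv6 any any
ipv6 access-list mgmt-only
 permit ipv6 any any
interface ethernet 3/1
 ipv6 traffic-filter access1 in
interface ethernet 3/2
 ipv6 traffic-filter acess1 in
"""

ACL_DEF = re.compile(r"^ipv6 access-list (\S+)\s*$")
IFACE = re.compile(r"^interface (\S+ \S+)\s*$")
BINDING = re.compile(r"^\s+ipv6 traffic-filter (\S+) (in|out)\s*$")


def audit_bindings(config_text):
    """Return (bindings, undefined, unbound) for the IPv6 ACL bindings in a config."""
    defined, bindings, iface = set(), [], None
    for line in config_text.splitlines():
        if m := ACL_DEF.match(line):
            defined.add(m.group(1))
            iface = None
        elif m := IFACE.match(line):
            iface = m.group(1)
        elif (m := BINDING.match(line)) and iface:
            bindings.append((iface, m.group(1), m.group(2)))
        elif line and not line[0].isspace():  # any other top-level line ends the block
            iface = None
    undefined = [b for b in bindings if b[1] not in defined]
    unbound = sorted(defined - {b[1] for b in bindings})
    return bindings, undefined, unbound


if __name__ == "__main__":
    bindings, undefined, unbound = audit_bindings(SAMPLE_CONFIG)
    for iface, acl, direction in undefined:
        print(f"{iface}: traffic-filter {acl} {direction} references an undefined ACL")
    for acl in unbound:
        print(f"ACL {acl} is defined but not applied to any interface")
```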

Reapplying modified IPv6 ACLs

If you make an IPv6 ACL configuration change, you must reapply the ACLs to their interfaces for
the change to take effect.

An ACL configuration change includes any of the following:

Adding, changing, or removing an ACL or an entry in an ACL

Changing ToS-based QoS mappings

To reapply ACLs following an ACL configuration change, enter either of the following commands at
the global CONFIG level of the CLI.

Brocade(config)# ipv6 rebind-acl

Syntax: [no] ip rebind-acl num | name

Brocade(config)# ipv6 rebind-all-acl

Syntax: [no] ip rebind-all-acl

Applying an IPv6 ACL to a VRF Interface

A VRF interface can be one physical port, a virtual interface, or a trunk port consisting of multiple
physical ports. As with regular IPv6 ports, you can apply an inbound or outbound IPv6 ACL to a VRF
interface to filter incoming and outgoing traffic respectively. This type of ACL is called an IPv6 VRF
ACL.

Distinction between IPv6 ACLs applied to regular and VRF interfaces

IPv6 ACLs (both inbound and outbound) can be applied only at the IPv6 interface level, which may
be a physical or a virtual interface. If a physical port is a member of one or more virtual interfaces,
the IPv6 ACL must be bound at the corresponding ve level (not at the physical port level). You
cannot change the VLAN membership of a physical port that has an IPv6 ACL.