
Restricting SSH access by specifying an IPv6 ACL – Brocade Multi-Service IronWare Routing Configuration Guide (Supporting R05.6.00) User Manual


Multi-Service IronWare Routing Configuration Guide


53-1003033-02

IPv6 host support

Restricting Telnet access by specifying an IPv6 ACL

You can specify an IPv6 ACL to restrict Telnet access to management functions on the device. Enter
commands similar to the following.

(config)# ipv6 access-list acl1

(config-ipv6-access-list acl1)# deny ipv6 host 2000:2382::e0bb:2 any

(config-ipv6-access-list acl1)# deny ipv6 2001:DB8::ff89/128 any

(config-ipv6-access-list acl1)# permit ipv6 any any

(config-ipv6-access-list acl1)# exit

(config)# telnet access-group ipv6 acl1

This example configures and applies an IPv6 ACL named “acl1”, which denies Telnet access to the
device from the specified IPv6 addresses, but allows access from any other IPv6 address.

(config)# ipv6 access-list acl2

(config-ipv6-access-list acl2)# permit ipv6 host 2000:2382::e0bb:2 any

(config-ipv6-access-list acl2)# deny ipv6 any any

(config-ipv6-access-list acl2)# exit

(config)# telnet access-group ipv6 acl2

This example configures and applies an IPv6 ACL named “acl2”, which allows Telnet access to the
device only from the specified IPv6 address, and denies access from any other IPv6 address.

Syntax: telnet access-group ipv6 ipv6-acl-name

The ipv6-acl-name is a valid IPv6 ACL.

Restricting SSH access by specifying an IPv6 ACL

You can configure an IPv6 ACL to restrict SSH access to management functions on the device.
Enter commands such as the following.

(config)# ipv6 access-list acl1

(config-ipv6-access-list acl1)# deny ipv6 host 2000:2382::e0bb:2 any

(config-ipv6-access-list acl1)# deny ipv6 2001:DB8::ff89/128 any

(config-ipv6-access-list acl1)# permit ipv6 any any

(config-ipv6-access-list acl1)# exit

(config)# ssh access-group ipv6 acl1

This example configures and applies an IPv6 ACL named “acl1”, which denies SSH access to the
device from the specified IPv6 addresses, but allows access from any other IPv6 address.

(config)# ipv6 access-list acl2

(config-ipv6-access-list acl2)# permit ipv6 host 2000:2382::e0bb:2 any

(config-ipv6-access-list acl2)# deny ipv6 any any

(config-ipv6-access-list acl2)# exit

(config)# ssh access-group ipv6 acl2

This example configures and applies an IPv6 ACL named “acl2”, which allows SSH access to the
device only from the specified IPv6 address, and denies access from any other IPv6 address.

Syntax: [no] ssh access-group ipv6 ipv6-acl-name

The ipv6-acl-name is a valid IPv6 ACL.
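
The following is an added example, not part of the Brocade manual or its software: a Python pre-deployment check that evaluates the acl1 and acl2 entries shown in the Telnet and SSH sections against candidate management source addresses, so you can confirm which hosts keep access before applying the access group. It assumes first-match evaluation with a fall-through deny and matches only the source field; the names parse_acl, evaluate and check and the third address in SOURCES are constructed for illustration.

```python
import ipaddress

# ACL bodies copied from the examples above (source-match only; destination is "any").
ACL1 = """\
deny ipv6 host 2000:2382::e0bb:2 any
deny ipv6 2001:DB8::ff89/128 any
permit ipv6 any any
"""
ACL2 = """\
permit ipv6 host 2000:2382::e0bb:2 any
deny ipv6 any any
"""

def parse_acl(text):
    """Return a list of (action, source_network) in configured order."""
    rules = []
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        tok = line.split()
        action, proto, rest = tok[0], tok[1], tok[2:]
        if action not in ("permit", "deny") or proto != "ipv6":
            raise ValueError(f"unsupported entry: {line!r}")
        if rest[0] == "host":
            src = ipaddress.ip_network(rest[1] + "/128")
        elif rest[0] == "any":
            src = ipaddress.ip_network("::/0")
        else:
            src = ipaddress.ip_network(rest[0], strict=False)
        rules.append((action, src))
    return rules

def evaluate(rules, source):
    """First matching entry wins; no match falls through to deny (assumed default)."""
    addr = ipaddress.ip_address(source)
    for action, net in rules:
        if addr in net:
            return action
    return "deny"

def check(acl_text, sources):
    """Map each source address to the action the ACL would take on it."""
    rules = parse_acl(acl_text)
    return {s: evaluate(rules, s) for s in sources}

# Constructed management sources: the two addresses from the page plus one other host.
SOURCES = ["2000:2382::e0bb:2", "2001:db8::ff89", "2001:db8::10"]

if __name__ == "__main__":
    for name, acl in (("acl1", ACL1), ("acl2", ACL2)):
        print(name, check(acl, SOURCES))
```

Running the check against the address of your own management station before entering the access-group command shows whether an allow-list such as acl2 would cut off the session you are configuring from.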