
Restricting snmp access by specifying an ipv6 acl – Brocade Multi-Service IronWare Routing Configuration Guide (Supporting R05.6.00) User Manual


Multi-Service IronWare Routing Configuration Guide

53-1003033-02

IPv6 host support

Restricting Web management access by specifying an IPv6 ACL

You can configure an IPv6 ACL to restrict Web management access to management functions on
the device. Enter commands such as the following.

(config)# ipv6 access-list acl1
(config-ipv6-access-list acl1)# deny ipv6 host 2000:2382::e0bb:2 any
(config-ipv6-access-list acl1)# deny ipv6 2001:DB8::ff89/128 any
(config-ipv6-access-list acl1)# permit ipv6 any any
(config-ipv6-access-list acl1)# exit
(config)# web access-group ipv6 acl1

This example configures and applies an IPv6 ACL named “acl1”, which denies Web management
access to the device from the specified IPv6 addresses, but allows access from any other IPv6
address.

(config)# ipv6 access-list acl2
(config-ipv6-access-list acl2)# permit ipv6 host 2000:2382::e0bb:2 any
(config-ipv6-access-list acl2)# deny ipv6 any any
(config-ipv6-access-list acl2)# exit
(config)# web access-group ipv6 acl2

This example configures and applies an IPv6 ACL named “acl2”, which allows Web management
access to the device only from the specified IPv6 address, and denies access from any other IPv6
address.

Syntax: web access-group ipv6 ipv6-acl-name

The ipv6-acl-name variable is a valid IPv6 ACL.

Restricting SNMP access by specifying an IPv6 ACL

You can configure an IPv6 ACL to restrict SNMP access to management functions on
the device.

NOTE

The syntax for configuring ACLs for SNMP access differs from the syntax for controlling Telnet, SSH,
and Web management access using ACLs.

Brocade(config)# ipv6 access-list aclro
Brocade(config-ipv6-access-list aclro)# deny ipv6 host 2000:2382::e0bb:2 any
Brocade(config-ipv6-access-list aclro)# deny ipv6 2001:DB8::ff89/128 any
Brocade(config-ipv6-access-list aclro)# permit ipv6 any any
Brocade(config-ipv6-access-list aclro)# exit
Brocade(config)# ipv6 access-list aclrw
Brocade(config-ipv6-access-list aclrw)# permit ipv6 host 2000:2382::e0bb:2 any
Brocade(config-ipv6-access-list aclrw)# deny ipv6 any any
Brocade(config-ipv6-access-list aclrw)# exit
Brocade(config)# snmp-server community public ro ipv6 aclro
Brocade(config)# snmp-server community private rw ipv6 aclrw
Brocade(config)# write memory

These commands configure IPv6 ACLs aclro and aclrw, then apply these ACLs to community
strings. ACL aclro controls read-only access using the “public” community string. ACL aclrw controls
read-write access using the “private” community string.

Syntax: [no] snmp-server community string {ro | rw} ipv6 ipv6-acl-name
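
The following is an added example, not part of the Brocade guide: an offline Python check that reads the SNMP configuration above and reports which community string, if any, a given source address can use. It assumes entries are evaluated top-down with the first match winning and that a source matching no entry is denied; only the source field of each entry is modeled, and the function names are hypothetical.

```python
import ipaddress

# Constructed input: the commands from this page with the CLI prompts stripped.
CONFIG = """\
ipv6 access-list aclro
 deny ipv6 host 2000:2382::e0bb:2 any
 deny ipv6 2001:DB8::ff89/128 any
 permit ipv6 any any
ipv6 access-list aclrw
 permit ipv6 host 2000:2382::e0bb:2 any
 deny ipv6 any any
snmp-server community public ro ipv6 aclro
snmp-server community private rw ipv6 aclrw
"""

def parse(config):
    """Return ACL name -> [(action, source network)] and [(community, mode, ACL name)]."""
    acls, bindings, current = {}, [], None
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["ipv6", "access-list"] and len(tok) >= 3:
            current = acls.setdefault(tok[2], [])
        elif (len(tok) >= 4 and tok[0] in ("permit", "deny")
              and tok[1] == "ipv6" and current is not None):
            if tok[2] == "host":
                src = tok[3] + "/128"      # "host X" is a single address
            elif tok[2] == "any":
                src = "::/0"               # "any" matches every source
            else:
                src = tok[2]               # explicit prefix/length
            current.append((tok[0], ipaddress.IPv6Network(src, strict=False)))
        elif tok[:2] == ["snmp-server", "community"] and tok[4:5] == ["ipv6"] and len(tok) >= 6:
            bindings.append((tok[2], tok[3], tok[5]))
    return acls, bindings

def decide(rules, source):
    """First matching entry wins; no match is treated as deny (assumption)."""
    addr = ipaddress.IPv6Address(source)
    for action, net in rules:
        if addr in net:
            return action
    return "deny"

def snmp_access(config, source):
    """Map each community string to the mode granted to `source`, or None if denied.
    Raises KeyError when a community references an ACL that is not defined."""
    acls, bindings = parse(config)
    return {community: (mode if decide(acls[acl], source) == "permit" else None)
            for community, mode, acl in bindings}
```

Calling snmp_access(CONFIG, address) for each management station before running write memory shows that, with the ACLs above, 2000:2382::e0bb:2 is the only source granted read-write access and that the same host is denied read-only access through "public".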