Displaying ACLs bound to an interface, Using an ACL to restrict SSH access – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual
Brocade Virtual ADX Security Guide
53-1003250-01
Virtual ADX#show ipv6 access-list
ipv6 access-list v6-acl1: 1 entries
deny ipv6 any any
ipv6 access-list v6-acl2: 1 entries
permit ipv6 any any
ipv6 access-list v6-acl3: 2 entries
deny ipv6 2001:db8:aa:10::/64 any
permit ipv6 any any
ipv6 access-list v6-acl4: 2 entries
deny ipv6 2001:db8:aa::/64 any
permit ipv6 any any
ipv6 access-list v6-acl5: 6 entries
permit tcp 2001:db8:bb::/64 any
permit ipv6 2001:db8:bb::/64 any
permit ipv6 2001:db8:aa:101::/64 any
permit ipv6 2001:db8:aa:10::/64 2001:db8:aa:102::/64
permit ipv6 host 2001:db8:aa:10::102 host 2001:db8:aa:101::102
permit ipv6 any any fragments

Syntax: show ipv6 access-list [access-list-name]

Displaying ACLs bound to an interface
To display ACLs bound to an interface, enter the show access-list bindings command. Here is an example:

Virtual ADX#show access-list bindings
Access-list binding configuration:
!
interface ethernet 1
ipv6 traffic-filter ipv61 in
!
interface ethernet 2
ipv6 traffic-filter icmp_any in
!

Syntax: show access-list bindings

Using an ACL to restrict SSH access
To configure an ACL that restricts SSH access to an IPv6 device, first create the named ACL with the ACL statements. Then use the ssh access-group command to restrict SSH access for IPv6:

Virtual ADX(config)#ipv6 access-list test2
Virtual ADX(config-ipv6-access-list test2)#deny ipv6 host 2001:db8:1::1 any
Virtual ADX(config-ipv6-access-list test2)#permit ipv6 2001:db8:1::0/32 any
Virtual ADX(config-ipv6-access-list test2)#permit ipv6 2001:db8:2::0/32 any
Virtual ADX(config-ipv6-access-list test2)#permit ipv6 host 2001:db8:3::1 any
Virtual ADX(config-ipv6-access-list test2)#exit
Virtual ADX(config)#ssh access-group ipv6 test2

Syntax: [no] ssh access-group ipv6 acl-name
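
An added example, not taken from the Brocade guide: a Python check of which SSH source addresses the test2 ACL above admits as written, and which of its entries can never match. It assumes first-match evaluation with an implicit deny at the end of the list, and that a prefix entered with host bits set (2001:db8:1::0/32) is masked to its network; the function names are illustrative.

```python
import ipaddress

# ACL "test2" as entered on the page (source column only; destination is "any").
TEST2 = [
    ("deny",   "host 2001:db8:1::1"),
    ("permit", "2001:db8:1::0/32"),
    ("permit", "2001:db8:2::0/32"),
    ("permit", "host 2001:db8:3::1"),
]

def parse_source(spec):
    """Turn 'host X' or 'X/len' into an IPv6Network (host bits masked off)."""
    if spec.startswith("host "):
        return ipaddress.IPv6Network(spec.split()[1] + "/128")
    # Assumption: the device masks host bits the same way strict=False does.
    return ipaddress.IPv6Network(spec, strict=False)

def compile_acl(entries):
    return [(action, parse_source(src)) for action, src in entries]

def evaluate(acl, source):
    """Assumed semantics: first matching entry wins, implicit deny at the end."""
    addr = ipaddress.IPv6Address(source)
    for index, (action, net) in enumerate(acl, start=1):
        if addr in net:
            return action, index
    return "deny", None

def shadowed(acl):
    """Entries that can never match because an earlier entry covers them."""
    hits = []
    for i, (_, net) in enumerate(acl):
        for j in range(i):
            if net.subnet_of(acl[j][1]):
                hits.append((i + 1, j + 1))  # (entry, covering entry), 1-based
                break
    return hits

if __name__ == "__main__":
    acl = compile_acl(TEST2)
    # Constructed sample SSH client addresses.
    for src in ("2001:db8:1::1", "2001:db8:2::5", "2001:db8:ffff::9", "2001:db9::1"):
        print(src, evaluate(acl, src))
    print("shadowed (entry, covered by):", shadowed(acl))
```

Run against test2, entries 3 and 4 are reported as covered by entry 2, because both /32 entries reduce to 2001:db8::/32.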