Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual
IPv6 Hardware Access Control List (ACL) Commands
Software Reference for x310 Series Switches
AlliedWare Plus™ Operating System - Version 5.4.4C
C613-50046-01 REV A
Mode
IPv6 Hardware ACL Configuration
Default
Any traffic on an interface controlled by a hardware ACL that does not explicitly match a
filter is permitted.
Usage
The filter entry will match on any TCP or UDP packet that has the specified source and
destination IPv6 addresses and TCP or UDP type. The parameter any may be specified if
an address does not matter.
Examples
To add an ACL filter entry that blocks all SSH traffic from network 2001:0db8::0/64 to
the hardware IPv6 access-list named my-acl, use the commands:
awplus# configure terminal
awplus(config)# ipv6 access-list my-acl
awplus(config-ipv6-hw-acl)# deny tcp 2001:0db8::0/64 any eq 22
To add an ACL filter entry that blocks all SSH traffic from network 2001:0db8::0/64 on
the default VLAN (vlan1) to the hardware IPv6 access-list named my-acl, use the
commands:
awplus# configure terminal
awplus(config)# ipv6 access-list my-acl
awplus(config-ipv6-hw-acl)# deny tcp 2001:0db8::0/64 any eq 22 vlan 1
To remove an ACL filter entry that blocks all SSH traffic from network 2001:0db8::0/64
from the hardware IPv6 access-list named my-acl, use the commands:
awplus# configure terminal
awplus(config)# ipv6 access-list my-acl
awplus(config-ipv6-hw-acl)# no deny tcp 2001:0db8::0/64 any eq 22
Parameter (cont.)    Description (cont.)
any                  Specifies any destination host. An abbreviation for the IPv6 prefix ::/0.
vlan                 This parameter can be used in either single or double-tagged VLAN
                     networks. It is the conventional VLAN tag (VID). In a double-tagged
                     network it is sometimes referred to as the STAG.
<1-4094>             The VLAN VID.
Note
Hardware ACLs will permit access unless explicitly denied by an ACL action.
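The default-permit behaviour stated under Default and in the Note can be checked offline with a small model of the filter entries used in the examples. This is an added illustration in Python, not Allied Telesis code: it assumes first-match evaluation and that the port after the destination is the destination port, and the packet values are constructed.

```python
import ipaddress

def parse_entry(line):
    """Parse '<action> <tcp|udp> <src> <dst> eq <port> [vlan <vid>]'.

    Only the subset of the filter syntax used in the examples above is modelled.
    """
    tok = line.split()
    if len(tok) not in (6, 8) or tok[4] != "eq" or (len(tok) == 8 and tok[6] != "vlan"):
        raise ValueError(f"unsupported filter entry: {line!r}")

    def net(addr):
        # 'any' is an abbreviation for the IPv6 prefix ::/0
        return ipaddress.ip_network("::/0" if addr == "any" else addr)

    return {
        "action": tok[0], "proto": tok[1],
        "src": net(tok[2]), "dst": net(tok[3]),
        "port": int(tok[5]),               # assumption: 'eq' after dst = destination port
        "vlan": int(tok[7]) if len(tok) == 8 else None,
    }

def evaluate(entries, pkt):
    """Return the action for a packet dict (assumption: first matching entry wins)."""
    for e in entries:
        if (pkt["proto"] == e["proto"]
                and ipaddress.ip_address(pkt["src"]) in e["src"]
                and ipaddress.ip_address(pkt["dst"]) in e["dst"]
                and pkt["dport"] == e["port"]
                and e["vlan"] in (None, pkt["vlan"])):
            return e["action"]
    return "permit"  # no filter matched: hardware ACLs permit by default

def packet(src, dport, vlan=1, proto="tcp", dst="2001:db8:ffff::1"):
    """Build a constructed sample packet (all values are illustrative)."""
    return {"proto": proto, "src": src, "dst": dst, "dport": dport, "vlan": vlan}

if __name__ == "__main__":
    acl = [parse_entry("deny tcp 2001:0db8::0/64 any eq 22")]
    for label, pkt in [
        ("SSH from the blocked /64", packet("2001:db8::10", 22)),
        ("Telnet from the blocked /64", packet("2001:db8::10", 23)),
        ("SSH from another network", packet("2001:db8:1::10", 22)),
    ]:
        print(f"{label:30} -> {evaluate(acl, pkt)}")
```

Only the first packet is denied; Telnet from the same network and SSH from any other source fall through to the default permit, so every service that should be unreachable needs its own deny entry.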