Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

IPv6 Software Access Control List (ACL) Commands

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus

TM

Operating System - Version 5.4.4C

37.15

Mode

IPv6 Extended ACL Configuration

Default

Any traffic controlled by a software ACL that does not explicitly match a filter is denied.

Usage

The filter entry will match on any packet that has the specified source and destination IPv6
addresses and the specified TCP or UDP source and destination port. The parameter any
may be specified if an address does not matter.

Examples

To add a new filter entry with sequence number 5 to the access-list named my-list to
reject TCP packets from 2001:0db8::0/64 port 10 to 2001:0db8::f/64 port 20,
use the following commands:

To add a new filter entry with sequence number 5 to the extended IPv6 access-list named
my-list

to reject UDP packets from 2001:0db8::0/64 port 10 to 2001:0db8::f/

64

port 20, use the following commands:

To remove the filter entry with sequence number 5 to the extended IPv6 access-list
named my-list, use the commands:

Related Commands

ipv6 access-list extended (named)
show ipv6 access-list (IPv6 Software ACLs)
show running-config

<destport>

The destination port number, specified as an integer
between 0 and 65535.

log

Log the results.

Parameter(cont.)

Description(cont.)

Note

Software ACLs will deny access unless explicitly permitted by an ACL action.

awplus#

configure terminal

awplus(config)#

ipv6 access-list extended my-list

awplus(config-ipv6-ext-acl)#

5 deny tcp 2001:0db8::0/64 eq 10
2001:0db8::f/64 eq 20

awplus#

configure terminal

awplus(config)#

ipv6 access-list extended my-list

awplus(config-ipv6-ext-acl)#

5 deny udp 2001:0db8::0/64 eq 10
2001:0db8::f/64 eq 20

awplus#

configure terminal

awplus(config)#

ipv6 access-list extended my-list

awplus(config-ipv6-ext-acl)#

no 5