beautypg.com

Creating named ipv6 address acls – Allied Telesis AT-8100 Series User Manual

Page 1543

background image

AT-8100 Switch Command Line User’s Guide

1543

Creating Named

IPv6 Address

ACLs

The Named IPv6 address ACLs are created with the IPv6 ACCESS-LIST
commands. For a description of all the IPv6 ACCESS-LIST commands,
see Chapter 99, “ACL Commands” on page 1561. First, you create the
Named IPv6 ACL with the IPv6 ACCESS-LIST command. It automatically
places you in the IPv6 ACL mode where you can add the filter, as well as
the source and destination IPv6 addresses. In addition, you can classify
tagged packets by assigning a VLAN ID. The time range parameter allows
you to decide when (time and date) filtering begins and ends.

There are six commands for creating Named IPv6 ACLs. The IPv6
ACCESS-LIST command allows you to create a Named IPv6 ACL and
enter the IPv6 ACL command mode. The remaining five commands
provide one command for each filtering criterion of ICMP, IP, Protocol,
TCP, and UDP. The commands are listed in Table 173.

awplus(config)# ip access-list tcpdeny

Create a Named IPv4 ACL called
“tcpdeny” and enter the IP ACL mode.

awplus(config-ip-acl)# deny tcp
152.12.45.2/32 152.12.45.3/32 vlan 5

Allow the filter to deny TCP ingress
packets from source IPv4 address
152.12.45.2/32 to destination IPv4
address 152.12.45.3/32 on VLAN 5.

Table 172. Named IPv4 ACL TCP Deny Example (Continued)

Command Description

Table 173. IPv6 ACCESS-LIST Commands for Creating ACLs

To do this task

Use this Command

Create an Named IPv6 Address ACL and
enter the IP ACL command mode.

ipv6 access-list <

ipv6 access

list>

Define a Named IPv6 Address ACL that
filters ICMP packets.

action

icmp

scr_ip_address

dest_ipaddress

time-range

vlan

[

vid

]

Define a Named IPv6 Address ACL that
filters IP packets based on source and
destination IP addresses.

action

ip

scr_ip_address

dest_ipaddress

time-range vlan

[vid]

Define a Named IPv6 Address ACL that
filters traffic flows based on protocol
numbers and source and destination IPv6
addresses.

action

proto

proto_type

scr_ip_address dest_ipaddress

time-range vlan

See also other documents in the category Allied Telesis Computer hardware: