Configuring Ipv4-Acls Or Ipv6-Acls; Creating Ipv4-Acls Or Ipv6-Acls - HP Cisco MDS 9020 - Fabric Switch Configuration Manual

Cisco mds 9000 family cli configuration guide, release 3.x (ol-16184-01, april 2008)

Hide thumbs Also See for Cisco MDS 9020 - Fabric Switch:

Service manual (242 pages)

Configuration manual (1384 pages)

Handbook (141 pages)

Table of Contents

Configuring IPv4 and IPv6 Access Control Lists

S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m

Configuring IPv4-ACLs or IPv6-ACLs

Traffic coming into the switch is compared to IPv4-ACL or IPv6-ACL filters based on the order that the

filters occur in the switch. New filters are added to the end of the IPv4-ACL or the IPv6-ACL. The switch

keeps looking until it has a match. If no matches are found when the switch reaches the end of the filter,

the traffic is denied. For this reason, you should have the frequently hit filters at the top of the filter.

There is an implied deny for traffic that is not permitted. A single-entry IPv4-ACL or IPv6-ACL with

only one deny entry has the effect of denying all traffic.

To configure an IPv4-ACL or an IPv6-ACL, you must complete the following tasks:

Create an IPv4-ACL or an IPv6-ACL by specifying a filter name and one or more access condition(s).

Filters require the source and destination address to match a condition. Use optional keywords to

configure finer granularity.

Apply the access filter to specified interfaces.

To create an IPv4-ACL, follow these steps:

switch# config t

switch(config)# ip access-list List1 permit ip any any

switch(config)# no ip access-list List1 permit ip any any

switch(config)# ip access-list List1 deny tcp any any

To create an IPv6-ACL, follow these steps:

switch# config t

switch(config)#

switch(config)# ipv6 access-list List1

switch(config-ipv6-acl)#

switch(config)# no ipv6 access-list List1

OL-16184-01, Cisco MDS SAN-OS Release 3.x

The filter entries are executed in sequential order. You can only add the entries to the end of the

list. Take care to add the entries in the correct order.

Configuring IPv4-ACLs or IPv6-ACLs

Enters configuration mode.

Configures an IPv4-ACL called

List1 and permits IP traffic from

any source address to any

destination address.

Removes the IPv4-ACL called

Updates List1 to deny TCP traffic

from any source address to any

destination address.

Enters configuration mode.

Configures an IPv6-ACL called List1 and

enters IPv6-ACL configuration submode.

Removes the IPv6-ACL called List1 and all its

Cisco MDS 9000 Family CLI Configuration Guide

Chapters

Table of Contents

Troubleshooting

Configuring Ipv4-Acls Or Ipv6-Acls; Creating Ipv4-Acls Or Ipv6-Acls - HP Cisco MDS 9020 - Fabric Switch Configuration Manual

Configuring IPv4-ACLs or IPv6-ACLs

Creating IPv4-ACLs or IPv6-ACLs

Chapters

Troubleshooting

Related Manuals for HP Cisco MDS 9020 - Fabric Switch

Related Content for HP Cisco MDS 9020 - Fabric Switch

This manual is also suitable for:

Table of Contents