Configuring Named Ipv6 Acls - Cisco Catalyst 4500 Series Software Configuration Manual
Cisco ios xe release 3.9.xe and cisco ios release 15.2(5)ex
Hide thumbs
Also See for Catalyst 4500 Series:
- Administration manual (1814 pages) ,
- Configuration manual (1610 pages) ,
- Command reference manual (1230 pages)
Table of Contents
Advertisement
Configuring Named IPv6 ACLs
EtherType matching allows you to classify tagged and untagged IP packets based on the EtherType
value. Tagged packets present a potential operation problem:
•
•
For more information about the mac access-list extended command, refer to the Catalyst 4500 Series
Switch Cisco IOS Command Reference.
To create a named MAC extended ACL, perform this task:
Command
Step 1
Switch# configure terminal
Step 2
Switch(config)# [no] mac access-list
extended name
Step 3
Switch(config-ext-macl)# {deny | permit}
{any | host source MAC address | source
MAC address mask} {any | host destination
MAC address | destination MAC address
mask} [protocol-family {appletalk |
arp-non-ipv4 | decnet | ipx | ipv6 (not
supported on Sup 6-E and 6L-E)| rarp-ipv4
| rarp-non-ipv4 | vines | xns} |
ethertype]
Step 4
Switch(config-ext-macl)# end
Step 5
Switch# show access-lists [number | name]
Step 6
Switch(config)# copy running-config
startup-config
This example shows how to create and display an access list named matching, permitting the 0x8863 and
0x8040 EtherType values:
Configuring Named IPv6 ACLs
Supervisor Engine 6-E, Supervisor Engine 6L-E, Supervisor Engine 7-E, Supervisor Engine 7L-E, and
Supervisor Engine 8-E support hardware-based IPv6 ACLs to filter unicast, multicast and broadcast IPv6
traffic on Layer 2 and Layer 3 interfaces. You can only configure such access lists on Layer 3 interfaces
that are configured with an IPv6 address.
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
62-18
While single-tagged packets are supported on the access and trunk ports, double-tagged packets are
not.
Single and double-tagged packets are not supported if the port mode is dot1qtunnel.
Switch(config)# mac access-list extended matching
Switch(config-ext-macl)# permit any any 0x8863
Switch(config-ext-macl)# permit any any 0x8040
Switch(config-ext-macl)# end
Switch # show access-lists matching
Extended MAC access list matching
permit any any 0x8863
permit any any netbios
Switch #
Chapter 62
Purpose
Enters global configuration mode.
Defines an extended MAC access list using a name.
To delete the entire ACL, use the no mac access-list extended
name global configuration command. You can also delete
individual ACEs from named MAC extended ACLs.
In extended MAC access-list configuration mode, specify to
permit or deny any based upon the EtherTypes value, valid values
are 15636-65535.
You can specify matching by either EtherType or protocol
Note
family but not both.
Returns to privileged EXEC mode.
Shows the access list configuration.
(Optional) Saves your entries in the configuration file.
Configuring Network Security with ACLs
Advertisement
Chapters
Table of Contents
Troubleshooting
