Cisco Catalyst 2960-XR Security Configuration Manual page 180
Ios release 15.0 2 ex1
Hide thumbs
Also See for Catalyst 2960-XR:
- Configuration manual (196 pages) ,
- Configuration manuals (120 pages) ,
- Reference (52 pages)
Table of Contents
Advertisement
How to Configure IPv6 ACLs
SUMMARY STEPS
1. configure terminal
2. [no]{ipv6 access-list list-name| client permit-control-packets| log-update threshold| role-based
list-name}
3. [no]{deny | permit} protocol {source-ipv6-prefix/|prefix-length|any threshold| host source-ipv6-address}
[ operator [ port-number ]] { destination-ipv6-prefix/ prefix-length | any | host destination-ipv6-address}
[operator [port-number]][dscp value] [fragments] [log] [log-input] [routing] [sequence value] [time-range
name]
4. {deny | permit} tcp {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [operator
[port-number]] {destination-ipv6- prefix/prefix-length | any | host destination-ipv6-address} [operator
[port-number]] [ack] [dscp value] [established] [fin] [log] [log-input] [neq {port | protocol}] [psh]
[range {port | protocol}] [rst] [routing] [sequence value] [syn] [time-range name] [urg]
5. {deny | permit} udp {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [operator
[port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address} [operator
[port-number]] [dscp value] [log] [log-input] [neq {port | protocol}] [range {port | protocol}] [routing]
[sequence value] [time-range name]]
6. {deny | permit} icmp {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [operator
[port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address} [operator
[port-number]] [icmp-type [icmp-code] | icmp-message] [dscp value] [log] [log-input] [routing] [sequence
value] [time-range name]
7. end
8. show ipv6 access-list
9. copy running-config startup-config
DETAILED STEPS
Command or Action
Step 1
configure terminal
Example:
Switch# configure terminal
Step 2
[no]{ipv6 access-list list-name| client
permit-control-packets| log-update threshold|
role-based list-name}
Example:
Switch(config)# ipv6 access-list
example_acl_list
Step 3
[no]{deny | permit} protocol
{source-ipv6-prefix/|prefix-length|any
threshold| host source-ipv6-address} [ operator
[ port-number ]] { destination-ipv6-prefix/
prefix-length | any | host
destination-ipv6-address} [operator
[port-number]][dscp value] [fragments] [log]
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
158
Purpose
Enters the global configuration mode.
Defines an IPv6 ACL name, and enters IPv6 access list configuration mode.
Enter deny or permit to specify whether to deny or permit the packet if
conditions are matched. These are the conditions:
• For protocol, enter the name or number of an Internet protocol: ahp,
esp, icmp, ipv6, pcp, stcp, tcp, or udp, or an integer in the range 0
to 255 representing an IPv6 protocol number.
Configuring IPv6 ACLs
OL-29434-01
Advertisement
Table of Contents
