Cisco Catalyst 2960-XR Security Configuration Manual page 182

Cisco IOS Release 15.0(2)EX1

How to Configure IPv6 ACLs

Command or Action:
[port-number]] [ack] [dscp value] [established] [fin] [log] [log-input] [neq {port | protocol}] [psh] [range {port | protocol}] [rst] [routing] [sequence value] [syn] [time-range name] [urg]
Purpose:
• established—An established connection. A match occurs if the TCP datagram has the ACK or RST bits set.
• fin—Finished bit set; no more data from sender.
• neq {port | protocol}—Matches only packets that are not on a given port number.
• psh—Push function bit set.
• range {port | protocol}—Matches only packets in the port number range.
• rst—Reset bit set.
• syn—Synchronize bit set.
• urg—Urgent pointer bit set.

Step 5
Command or Action:
{deny | permit} udp {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [operator [port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address} [operator [port-number]] [dscp value] [log] [log-input] [neq {port | protocol}] [range {port | protocol}] [routing] [sequence value] [time-range name]
Purpose:
(Optional) Define a UDP access list and the access conditions.
Enter udp for the User Datagram Protocol. The UDP parameters are the same as those described for TCP, except that the [operator [port]] port number or name must be a UDP port number or name, and the established parameter is not valid for UDP.

Step 6
Command or Action:
{deny | permit} icmp {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [operator [port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address} [operator [port-number]] [icmp-type [icmp-code] | icmp-message] [dscp value] [log] [log-input] [routing] [sequence value] [time-range name]
Purpose:
(Optional) Define an ICMP access list and the access conditions.
Enter icmp for Internet Control Message Protocol. The ICMP parameters are the same as those described for most IP protocols in Step 1, with the addition of the ICMP message type and code parameters. These optional keywords have these meanings:
• icmp-type—Enter to filter by ICMP message type, a number from 0 to 255.
• icmp-code—Enter to filter ICMP packets by the ICMP message code, a number from 0 to 255.
• icmp-message—Enter to filter ICMP packets by the ICMP message type name or the ICMP message type and code name. To see a list of ICMP message type names and code names, use the ? key or see the command reference for this release.

Step 7
Command or Action:
end
Purpose:
Return to privileged EXEC mode.

Step 8
Command or Action:
show ipv6 access-list
Purpose:
Verify the access list configuration.

Step 9
Command or Action:
copy running-config startup-config
Purpose:
(Optional) Save your entries in the configuration file.

Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
160
Configuring IPv6 ACLs
OL-29434-01
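The keyword rules in Steps 5 and 6 can be checked before entries are pasted into a switch. The following linter is an added example, not code from the Cisco guide; the function names, the sample entries, and the eq/gt/lt operators (standard IOS operators not listed on this page) are assumptions.

```python
# Added example: lint IPv6 ACL entries against the keyword rules in the table.
# TCP keywords from the table; none of them appears in the udp syntax of Step 5.
TCP_ONLY = {"ack", "established", "fin", "psh", "rst", "syn", "urg"}
# Assumption: eq/gt/lt are IOS port operators; the page names only neq and range.
PORT_OPERATORS = {"eq", "gt", "lt", "neq", "range"}

def _skip_address(tokens, i):
    """Advance past: any | host <address> | <prefix>/<length>."""
    return i + 2 if tokens[i:i + 1] == ["host"] else i + 1

def _skip_port_match(tokens, i):
    """Advance past an optional [operator [port-number]] clause."""
    if tokens[i:i + 1] and tokens[i] in PORT_OPERATORS:
        return i + (3 if tokens[i] == "range" else 2)
    return i

def lint_ace(line):
    """Return findings for one {deny | permit} entry; empty list means clean."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] not in ("deny", "permit"):
        return ["not a complete deny/permit entry"]
    proto, i, findings = tokens[1], 2, []
    for _ in range(2):  # source, then destination
        i = _skip_address(tokens, i)
        if proto in ("tcp", "udp"):
            i = _skip_port_match(tokens, i)
    rest = tokens[i:]
    if proto == "udp":
        findings += [f"'{kw}' is a TCP keyword absent from the udp syntax"
                     for kw in rest if kw in TCP_ONLY]
    if proto == "icmp":
        for label, tok in zip(("icmp-type", "icmp-code"), rest[:2]):
            if not tok.isdigit():
                break  # a message name, or the start of the option keywords
            if int(tok) > 255:
                findings.append(f"{label} {tok} is outside 0-255")
    return findings

# Constructed sample entries (2001:db8::/32 is the documentation prefix).
SAMPLE = """\
permit udp any host 2001:db8::53 eq 53 established
permit icmp any any 128 0
deny icmp any 2001:db8:1::/64 300
permit udp 2001:db8::/32 any range 1024 2048 log
"""

def lint_acl(text):
    """Map 1-based entry number to its findings, for entries that have any."""
    found = {n: lint_ace(l) for n, l in enumerate(text.splitlines(), 1) if l.strip()}
    return {n: f for n, f in found.items() if f}
```

Calling lint_acl(SAMPLE) reports entries 1 and 3: the first uses established on a udp entry, the third gives an icmp-type above 255.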
