Applying An Ipv6 Acl To An Interface; Adding Tcp Flags To An Ipv6 Acl Entry; Adding A Comment To An Ipv6 Acl Entry - Dell PowerConnect B-RX Configuration Manual
Bigiron rx series configuration guide v02.7.02
Hide thumbs
Also See for PowerConnect B-RX:
- Configuration manual (1458 pages) ,
- Getting started manual (32 pages) ,
- Installation manual (240 pages)
Table of Contents
Advertisement
•
•
•
NOTE
If you do not specify a message type, the ACL applies to all types ICMP messages types.
Applying an IPv6 ACL to an interface
To apply an IPv6 ACL, for example "access1", to an interface, enter commands such as the
following.
BigIron RX(config)# interface ethernet 3/1
BigIron RX(config-if-e100-3/1)# ipv6 traffic-filter access1 in
This example applies the IPv6 ACL "access1" to incoming IPv6 packets on Ethernet interface 3/1.
As a result, Ethernet interface 3/1 denies all incoming packets from the site-local prefix
fec0:0:0:2::/64 and the global prefix 2001:100:1::/48 and permits all other incoming packets.
Syntax: ipv6 traffic-filter <ipv6-acl-name> in
For the <ipv6-acl-name> parameter, specify the name of an IPv6 ACL created using the ipv6
access-list command.
The in keyword applies the specified IPv6 ACL to incoming IPv6 packets on the interface.
Adding TCP flags to an IPv6 ACL entry
You can add aTCP flags to entries in an IPv6 ACL. The TCP flag will appear in the output of show
commands that display ACL information.
Enter match-all <tcp- flags> if you want all the flags you specify to be matched from a TCP session.
Use match-any <tcp-flag> if any of the flags will be matched. You can enter more than one TCP flag.
Separate each flag with a space, using a + or – to indicate if the matching condition requires the bit
to be set to 1 (+) or 0 (–).
This example applies the TCP flags to allow TCP packets only if the TCP flags SYN and ACK are set
and the FIN flag is not set.
BigIron RX> enable
BigIron RX# configure terminal
BigIron RX(config)# ipv6 access-list fdry
BigIron RX (config-ipv6-access-list fdry)# permit tcp any any match-all +ack +syn
BigIron RX(config-ipv6-access-list fdry)# permit tcp any any match-any -urg +syn
-psh
BigIron RX (config-ipv6-access-list fdryl)# end
Adding a comment to an IPv6 ACL entry
You can optionally add a comment to describe entries in an IPv6 ACL. The comment appears in the
output of show commands that display ACL information.
BigIron RX Series Configuration Guide
53-1001810-01
sequence
time-exceeded
unreachable
Applying an IPv6 ACL to an interface
47
1195
Advertisement
Table of Contents
