Table of Contents
Advertisement
3
Using an ACL to Restrict SSH Access
Displaying ACLs
To display the ACLs configured on a device, enter the show ipv6 access-list command. Here is an
example:
ServerIronADX# show ipv6 access-list
ipv6 access-list v6-acl1: 1 entries
deny ipv6 any any
ipv6 access-list v6-acl2: 1 entries
permit ipv6 any any
ipv6 access-list v6-acl3: 2 entries
deny ipv6 2001:aa:10::/64 any
permit ipv6 any any
ipv6 access-list v6-acl4: 2 entries
deny ipv6 2002:aa::/64 any
permit ipv6 any any
ipv6 access-list v6-acl5: 6 entries
permit tcp 2002:bb::/64 any
permit ipv6 2002:bb::/64 any
permit ipv6 2001:aa:101::/64 any
permit ipv6 2001:aa:10::/64 2001:aa:102::/64
permit ipv6 host 2001:aa:10::102 host 2001:aa:101::102
permit ipv6 any any fragments
Syntax: show ipv6 access-list [<access-list-name>]
Displaying ACLs bound to an interface
To display ACLs bound to an interface, enter the show access-list bindings command. Here is an
example:
ServerIronADX# show access-list bindings
Access-list binding configuration:
!
interface ethernet 1
ipv6 traffic-filter ipv61 in
!
interface ethernet 2
ipv6 traffic-filter icmp_any in
!
ServerIronADX 1000#
Syntax: show access-list bindings
Using an ACL to Restrict SSH Access
To configure an ACL that restricts SSH access to an IPv6 device, first create the
named ACL with the ACL statements. Then use the ssh access-group command to
restrich SSH access for IPv6:
94
ServerIron ADX Security Guide
53-1002440-03
Advertisement
Table of Contents
Troubleshooting
