Using An Acl To Restrict Telnet Access; Logging Ipv6 Acls - Brocade Communications Systems ServerIron ADX 12.4.00a Security Manual

ServerIronADX(config)# ipv6 access-list test2
ServerIronADX(config-ipv6-access-list test2)#
ServerIronADX(config-ipv6-access-list test2)#
ServerIronADX(config-ipv6-access-list test2)#
ServerIronADX(config-ipv6-access-list test2)#
ServerIronADX(config-ipv6-access-list test2)# exit
ServerIronADX(config)# ssh access-group ipv6 test2
Syntax: [no] ssh access-group ipv6 <acl-name>

Using an ACL to Restrict Telnet Access

To configure an ACL that restricts Telnet access to an IPv6 device, first create the named ACL with
the ACL statements. Then use the telnet access-group command to restrict Telnet access for IPv6:
ServerIronADX(config)# ipv6 access-list test1
ServerIronADX(config-ipv6-access-list test1)#
ServerIronADX(config-ipv6-access-list test1)#
ServerIronADX(config-ipv6-access-list test1)#
ServerIronADX(config-ipv6-access-list test1)#
ServerIronADX(config-ipv6-access-list test1)# exit
ServerIronADX(config)# telnet access-group ipv6 test1
Syntax: telnet access-group ipv6 <acl-name>

Logging IPv6 ACLs

Logging for IPv6 ACLs is disabled by default. To enable logging, enable it for each IPv6 ACL, then
include the logging option in an ACL statement. Logging at both levels need to be configured in
order for statistics for packets that match the condition to be logged. For example:
ServerIronADX(config)# ipv6 access-list acl2
ServerIronADX(config-ipv6-access-list-acl2)# logging-enable
ServerIronADX(config-ipv6-access-list-acl2)# permit tcp host
2002:200:12d:1300:204:23ff:fec7:dabf any eq http
ServerIronADX(config-ipv6-access-list-acl2)# deny icmp 2002:200:12d:1300::/64 any
echo-reply log
ServerIronADX(config-ipv6-access-list-acl2)# permit ipv6 any any
Syntax: [no] logging-enable
NOTE
Syntax for the log option in an IPv6 ACL statement are presented in the section
page 89.
NOTE
Permit logging is not currently supported.
ServerIron ADX Security Guide
53-1002440-03
Using an ACL to Restrict Telnet Access
deny ipv6 host 2000:1::1 any log
permit ipv6 2000:1::0/32 any
permit ipv6 2000:2::0/32 any
permit ipv6 host 2000:3::1 any
deny ipv6 host 2000:1::1 any log
permit ipv6 2000:1::0/32 any
permit ipv6 2000:2::0/32 any
permit ipv6 host 2000:3::1 any
3
"ACL Syntax" on
95