Difference between revisions of "Access-list IPv6 Cisco IOS"
From Teknologisk videncenter
m |
m (→Extended ACL) |
||
(2 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
<source lang=cli> | <source lang=cli> | ||
ipv6 access-list PERMIT-LOCAL | ipv6 access-list PERMIT-LOCAL | ||
+ | deny ipv6 2001:16D8:DD85:4::/64 2001:16D8:DD85:3::/64 | ||
permit ipv6 2001:16D8:DD85:4::/64 any | permit ipv6 2001:16D8:DD85:4::/64 any | ||
− | + | ||
! | ! | ||
interface FastEthernet0/1 | interface FastEthernet0/1 | ||
ipv6 traffic-filter PERMIT-LOCAL out | ipv6 traffic-filter PERMIT-LOCAL out | ||
</source> | </source> | ||
+ | |||
=Extended ACL= | =Extended ACL= | ||
<source lang=cli> | <source lang=cli> | ||
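Review bot: The added entry "deny ipv6 2001:16D8:DD85:4::/64 2001:16D8:DD85:3::/64" in PERMIT-LOCAL is correctly placed ahead of the broader "permit ipv6 2001:16D8:DD85:4::/64 any", but nothing says why traffic from :4 to :3 is blocked or that the order is what makes it work. Entries are evaluated top-down and the first match wins, so a later edit that swaps the two lines would silently disable the deny. Suggest a sentence above the block stating the intent and the ordering requirement. The list name PERMIT-LOCAL also no longer describes a list whose first entry is a deny, so consider renaming it.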
Line 19: | Line 21: | ||
ipv6 traffic-filter DMZ in | ipv6 traffic-filter DMZ in | ||
</source> | </source> | ||
+ | ==Examples== | ||
+ | *[[IPv6 Firewall Cisco IOS ACL based]] example | ||
+ | |||
=Reflexive ACL= | =Reflexive ACL= | ||
[[Image:IPv6 Reflexive ACL eksempel.png|500px|left|thumb|Reflexive example. Only ICMP incoming traffic allowed]] | [[Image:IPv6 Reflexive ACL eksempel.png|500px|left|thumb|Reflexive example. Only ICMP incoming traffic allowed]] | ||
Line 40: | Line 45: | ||
{{Source cli}} | {{Source cli}} | ||
− | [[Category:IPv6]][[Category:CiscoIPv6]] | + | [[Category:IPv6]][[Category:CiscoIPv6]][[Category:IOS]] |
Latest revision as of 10:35, 21 May 2014
Cisco access lists for IPv6. For IPv4, see Access-list Cisco IOS.
=Standard ACL=
<source lang=cli>
ipv6 access-list PERMIT-LOCAL
 deny ipv6 2001:16D8:DD85:4::/64 2001:16D8:DD85:3::/64
 permit ipv6 2001:16D8:DD85:4::/64 any
!
interface FastEthernet0/1
 ipv6 traffic-filter PERMIT-LOCAL out
</source>
=Extended ACL=
<source lang=cli>
ipv6 access-list DMZ
 permit tcp any 2001:16D8:DD85:4::/64 eq www
 permit tcp any 2001:16D8:DD85:4::/64 eq 443
 permit tcp any 2001:16D8:DD85:4::/64 eq smtp
!
interface FastEthernet0/1
 ipv6 traffic-filter DMZ in
</source>
==Examples==
*[[IPv6 Firewall Cisco IOS ACL based]] example
=Reflexive ACL=
<source lang=cli>
ipv6 access-list OUTGOING
 permit tcp 2001:410:0:2::/64 any reflect REFLECTOUT
 permit udp 2001:410:0:2::/64 any reflect REFLECTOUT
 deny ipv6 FC00::/7 any
 permit icmp any any
 deny ipv6 any any log
!
ipv6 access-list INCOMING
 permit icmp any any
 evaluate REFLECTOUT
 deny ipv6 any any log
!
interface FastEthernet0/1
 ipv6 traffic-filter INCOMING in
 ipv6 traffic-filter OUTGOING out
</source>
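How the two lists above interact, as an added Python model that is not part of the original wiki page and is not Cisco's implementation: it applies first-match evaluation and shows that `evaluate REFLECTOUT` admits only the mirror image of a flow already permitted outbound. Assumptions: flows are keyed on protocol, addresses and ports only (no timeouts or TCP flags), and the hosts `2001:410:0:2::10`, `2001:db8::80` and `fd00::1` are constructed.

```python
from ipaddress import ip_address, ip_network
# Simplified model of the OUTGOING / INCOMING lists above (no timeouts, no TCP flags).
ANY = ip_network("::/0")
LAN = ip_network("2001:410:0:2::/64")
OUTGOING = [
    ("permit", "tcp", LAN, ANY, "REFLECTOUT"),
    ("permit", "udp", LAN, ANY, "REFLECTOUT"),
    ("deny", "ipv6", ip_network("fc00::/7"), ANY, None),
    ("permit", "icmp", ANY, ANY, None),
    ("deny", "ipv6", ANY, ANY, None),
]
INCOMING = [
    ("permit", "icmp", ANY, ANY, None),
    ("evaluate", "REFLECTOUT"),
    ("deny", "ipv6", ANY, ANY, None),
]

def check(acl, pkt, reflected):
    """Return 'permit' or 'deny' for pkt = (proto, src, sport, dst, dport); first match wins."""
    proto, sport, dport = pkt[0], pkt[2], pkt[4]
    src, dst = ip_address(pkt[1]), ip_address(pkt[3])
    for ace in acl:
        if ace[0] == "evaluate":
            # Return traffic matches only the mirror image of a flow recorded on the way out.
            if (ace[1], proto, dst, dport, src, sport) in reflected:
                return "permit"
            continue
        action, aproto, asrc, adst, reflect = ace
        if aproto in ("ipv6", proto) and src in asrc and dst in adst:
            if action == "permit" and reflect:
                reflected.add((reflect, proto, src, sport, dst, dport))
            return action
    return "deny"  # nothing matched (the lists above end in an explicit deny anyway)

def demo():
    """Run constructed packets through both lists, sharing one reflexive state table."""
    state = set()
    inside, outside = "2001:410:0:2::10", "2001:db8::80"  # constructed hosts
    return [
        check(INCOMING, ("tcp", outside, 443, inside, 50000), state),   # unsolicited
        check(OUTGOING, ("tcp", inside, 50000, outside, 443), state),   # creates entry
        check(INCOMING, ("tcp", outside, 443, inside, 50000), state),   # reply
        check(INCOMING, ("tcp", outside, 8443, inside, 50000), state),  # wrong port
        check(INCOMING, ("icmp", outside, 0, inside, 0), state),        # always open
        check(OUTGOING, ("icmp", "fd00::1", 0, outside, 0), state),     # ULA source
    ]

if __name__ == "__main__":
    print(demo())
```

The last case shows an ordering effect of the OUTGOING list: because `deny ipv6 FC00::/7 any` precedes `permit icmp any any`, ICMP from a unique-local source is dropped as well.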