2014年2月24日 星期一

IPv6 Access Control List (1)

IPv6 Access Control List (1)

This LAB only permit host C3 (IPv6 address : 2001:aaaa::4/64) access Server S1 user port 80 , deny other host access server S1 use port 80 , and permit any IPv6 traffic.

v6acl#show ipv6 access-list ipv6acl
IPv6 access list ipv6acl
    permit tcp host 2001:AAAA::4 host 2001:BBBB::2 eq www (54 matches) sequence 10
    deny tcp any host 2001:BBBB::2 eq www (30 matches) sequence 20
    permit ipv6 any any (10 matches) sequence 30

v6acl#
v6acl#




================================
!
hostname v6acl
!
!
ipv6 unicast-routing
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 ipv6 address 2001:AAAA::1/64
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 ipv6 address 2001:BBBB::1/64
 ipv6 traffic-filter ipv6acl out
!
!
!
logging alarm informational
!
!
!
!
!
!
ipv6 access-list ipv6acl
 permit tcp host 2001:AAAA::4 host 2001:BBBB::2 eq www
 deny tcp any host 2001:BBBB::2 eq www
 permit ipv6 any any

!
!
end
================================


沒有留言:

張貼留言