Filter
Top Products
DES-7200 Configuration Guide Chapter 1 Access Control List
Configuration
1-16
1.5 Configuring IPv6-based
Extended Access List
1.5.1 Configuring IPv6 Extended
Access List
The configuration of an IPv6-based access list includes the following steps:
1. Define an IPv6 access list
2. Apply the access list to a specific interface (application particular case)
There is the following method to configure a basic access list. Run the following
command in the ACL configuration mode:
Command Function
DES-7200(config)# ipv6 access-list name
Enter the access list configuration
mode
DES-7200 (config-ipv6-nacl)# [sn] {permit | deny }
prot {src-ipv6-prefix/prefix-len | host src-ipv6-addr |
any} {dst-ipv6-pfix/pfix-len | any | host
dst-ipv6-addr} [dscp dscp] [flow-label flow-label]
[time-range tm-rng-name]
Add table entries for ACL. For details
about commands, please see
command reference.
DES-7200(config-exp-nacl)# exit
DES-7200(config)# interface interface
Exit from the access control list mode
and select the interface to which the
access list is to be applied.
DES-7200(config-if)# ipv6 traffic-filter name {in |
out}
Apply the access list to the specific
interface
1.5.2 Showing Configuration of
IPv6Extended Access List
To monitor access lists, please run the following command the in privileged user mode:
Command Function
DES-7200# show access-lists [name ]
Show the basic access list.
1.5.3 IPv6 Extended Access List
Example
It is required to implement the following security functions by configuring access lists:
The 192.168.4.12 host can access the gi 0/1 port of a device.
It cannot access other ports.