Netgear M5300-28G-POE+ (GSM7228PSv1h2) - 12-Port Managed Gigabit Switch Ratgeber Für Administratoren
178
|
Chapter 10. ACLs
ProSafe Managed Switch
Note that the order of the rules is important: When a packet matches multiple rules, the first
rule takes precedence. Also, once you define an ACL for a given port, all traffic not
specifically permitted by the ACL is denied access.
rule takes precedence. Also, once you define an ACL for a given port, all traffic not
specifically permitted by the ACL is denied access.
Figure 21. IPv6 ACLs
The script in this section shows you how to set up an IPv6 ACL with the following three rules:
•
Rule-1. Permits every traffic to the destination network 2001:DB8:C0AB:AC14::/64.
•
Rule-2. Permits IPv6 TELNET traffic to the destination network
2001:DB8:C0AB:AC13::/64.
•
Rule-3. Permits IPv6 HTTP traffic to any destination.
CLI: Configure an IPv6 ACL
1.
Create the access control list with the name ipv6-acl.
2.
Define three rules to:
•
Permit any IPv6 traffic to the destination network 2001:DB8:C0AB:AC14::/64 from the
source network 2001:DB8:C0AB:AC11::/64.
(Netgear Switch) (Config)# ipv6 access-list ipv6-acl
GSM73xxS
2001:0DB8:c0ab:ac11::/64
2001:0DB8:c0ab:ac12::/64
2001:0DB8:c0ab:ac13::/64
2001:0DB8:c0ab:ac14::/64
IPv6 HTTP traffic
IPv6 Telnet traffic
IPv6 Any other traffic
Interface 1/0/1