Brocade Communications Systems 12.4.00a User Manual

ServerIron ADX Security Guide
53-1002440-03
Displaying ACLs
To display the ACLs configured on a device, enter the show ipv6 access-list command. Here is an example:
ServerIronADX# show ipv6 access-list
ipv6 access-list v6-acl1: 1 entries
 deny ipv6 any any
ipv6 access-list v6-acl2: 1 entries
 permit ipv6 any any
ipv6 access-list v6-acl3: 2 entries
 deny ipv6 2001:aa:10::/64 any
 permit ipv6 any any
ipv6 access-list v6-acl4: 2 entries
 deny ipv6 2002:aa::/64 any
 permit ipv6 any any
ipv6 access-list v6-acl5: 6 entries
 permit tcp 2002:bb::/64 any
 permit ipv6 2002:bb::/64 any
 permit ipv6 2001:aa:101::/64 any
 permit ipv6 2001:aa:10::/64 2001:aa:102::/64
 permit ipv6 host 2001:aa:10::102 host 2001:aa:101::102
 permit ipv6 any any fragments
Syntax: show ipv6 access-list [<access-list-name>]

Displaying ACLs bound to an interface
To display ACLs bound to an interface, enter the show access-list bindings command. Here is an example:
ServerIronADX# show access-list bindings
Access-list binding configuration:
!
interface ethernet 1
ipv6 traffic-filter ipv61 in
!
interface ethernet 2
ipv6 traffic-filter icmp_any in
!
ServerIronADX 1000#
Syntax: show access-list bindings

Using an ACL to Restrict SSH Access
To configure an ACL that restricts SSH access to an IPv6 device, first create the named ACL with the ACL statements. Then use the ssh access-group command to restrict SSH access for IPv6:
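
Added example (not from the Brocade guide): before a named ACL is applied with ssh access-group, its entries as printed by show ipv6 access-list can be checked offline to see whether a given management source would be permitted. This Python sketch assumes first-match evaluation with an implicit deny at the end, ignores destination fields and fragments-only entries, and runs on a constructed subset of the listing above; parse, verdict and open_to_any are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample: subset of the show ipv6 access-list output on this page.
SAMPLE = """\
ipv6 access-list v6-acl3: 2 entries
 deny ipv6 2001:aa:10::/64 any
 permit ipv6 any any
ipv6 access-list v6-acl5: 3 entries
 permit tcp 2002:bb::/64 any
 permit ipv6 2002:bb::/64 any
 permit ipv6 any any fragments
"""

def _addr(tokens):
    """Consume one address spec: any | host <addr> | <prefix>/<len>."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.ip_network("::/0")
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/128")
    return ipaddress.ip_network(tok, strict=False)

def parse(text):
    """Map ACL name -> [(action, proto, src, dst, fragments_only), ...]."""
    acls, current = {}, None
    for line in text.splitlines():
        m = re.match(r"ipv6 access-list (\S+): \d+ entries", line)
        if m:
            current = acls.setdefault(m.group(1), [])
        elif line.strip() and current is not None:
            action, proto, *rest = line.split()
            src, dst = _addr(rest), _addr(rest)
            current.append((action, proto, src, dst, "fragments" in rest))
    return acls

def verdict(entries, src, proto="tcp"):
    """First match wins; no match is treated as deny (assumed implicit deny).
    SSH runs over TCP, so an entry applies if its protocol is ipv6 or tcp."""
    ip = ipaddress.ip_address(src)
    for action, p, s, _dst, frag in entries:
        if not frag and p in ("ipv6", proto) and ip in s:
            return action
    return "deny"

def open_to_any(entries, proto="tcp"):
    """True if the first catch-all (source any) entry is a permit."""
    hits = [a for a, p, s, _d, f in entries
            if not f and p in ("ipv6", proto) and s.prefixlen == 0]
    return bool(hits) and hits[0] == "permit"
```

Under these assumptions, an ACL for which open_to_any returns True, such as v6-acl3, blocks only the listed prefix and leaves SSH reachable from every other source.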