Manualsbrain.com
  1. Manuales
  2. Marcas
  3. Brocade Communications Systems
  4. 12.4.00a
  5. Manual De Usuario

Brocade Communications Systems 12.4.00a Manual De Usuario

Descargar
Página de 226
ServerIron ADX Security Guide
95
53-1002440-03
Using an ACL to Restrict Telnet Access
3
ServerIronADX(config)# ipv6 access-list test2
ServerIronADX(config-ipv6-access-list test2)#  deny ipv6  host 2000:1::1 any log
ServerIronADX(config-ipv6-access-list test2)#  permit ipv6  2000:1::0/32 any 
ServerIronADX(config-ipv6-access-list test2)#  permit ipv6  2000:2::0/32 any 
ServerIronADX(config-ipv6-access-list test2)#  permit ipv6 host 2000:3::1 any
ServerIronADX(config-ipv6-access-list test2)# exit
ServerIronADX(config)# ssh access-group ipv6 test2
Syntax: [no] ssh access-group ipv6 <acl-name>
Using an ACL to Restrict Telnet Access
To configure an ACL that restricts Telnet access to an IPv6 device, first create the named ACL with 
the ACL statements. Then use the telnet access-group command to restrict Telnet access for IPv6:
ServerIronADX(config)# ipv6 access-list test1
ServerIronADX(config-ipv6-access-list test1)#  deny ipv6  host 2000:1::1 any log 
ServerIronADX(config-ipv6-access-list test1)#  permit ipv6  2000:1::0/32 any 
ServerIronADX(config-ipv6-access-list test1)#  permit ipv6  2000:2::0/32 any 
ServerIronADX(config-ipv6-access-list test1)#  permit ipv6 host 2000:3::1 any
ServerIronADX(config-ipv6-access-list test1)# exit
ServerIronADX(config)# telnet access-group ipv6 test1
Syntax: telnet access-group ipv6 <acl-name>
Logging IPv6 ACLs
Logging for IPv6 ACLs is disabled by default. To enable logging, enable it for each IPv6 ACL, then 
include the logging option in an ACL statement. Logging at both levels need to be configured in 
order for statistics for packets that match the condition to be logged. For example:
ServerIronADX(config)# ipv6 access-list acl2 
ServerIronADX(config-ipv6-access-list-acl2)# logging-enable
ServerIronADX(config-ipv6-access-list-acl2)# permit tcp host 
2002:200:12d:1300:204:23ff:fec7:dabf any eq http 
ServerIronADX(config-ipv6-access-list-acl2)# deny icmp 2002:200:12d:1300::/64 any 
echo-reply log 
ServerIronADX(config-ipv6-access-list-acl2)# permit ipv6 any any
Syntax: [no] logging-enable
NOTE
Syntax for the log option in an IPv6 ACL statement are presented in the section 
“ACL Syntax”
 on 
page 89. 
NOTE
Permit logging is not currently supported.