Brocade Communications Systems 12.4.00a Home Theater Server User Manual


  Open as PDF
of 226
 
ServerIron ADX Security Guide 95
53-1002440-03
Using an ACL to Restrict Telnet Access
3
ServerIronADX(config)# ipv6 access-list test2
ServerIronADX(config-ipv6-access-list test2)# deny ipv6 host 2000:1::1 any log
ServerIronADX(config-ipv6-access-list test2)# permit ipv6 2000:1::0/32 any
ServerIronADX(config-ipv6-access-list test2)# permit ipv6 2000:2::0/32 any
ServerIronADX(config-ipv6-access-list test2)# permit ipv6 host 2000:3::1 any
ServerIronADX(config-ipv6-access-list test2)# exit
ServerIronADX(config)# ssh access-group ipv6 test2
Syntax: [no] ssh access-group ipv6 <acl-name>
Using an ACL to Restrict Telnet Access
To configure an ACL that restricts Telnet access to an IPv6 device, first create the named ACL with
the ACL statements. Then use the telnet access-group command to restrict Telnet access for IPv6:
ServerIronADX(config)# ipv6 access-list test1
ServerIronADX(config-ipv6-access-list test1)# deny ipv6 host 2000:1::1 any log
ServerIronADX(config-ipv6-access-list test1)# permit ipv6 2000:1::0/32 any
ServerIronADX(config-ipv6-access-list test1)# permit ipv6 2000:2::0/32 any
ServerIronADX(config-ipv6-access-list test1)# permit ipv6 host 2000:3::1 any
ServerIronADX(config-ipv6-access-list test1)# exit
ServerIronADX(config)# telnet access-group ipv6 test1
Syntax: telnet access-group ipv6 <acl-name>
Logging IPv6 ACLs
Logging for IPv6 ACLs is disabled by default. To enable logging, enable it for each IPv6 ACL, then
include the logging option in an ACL statement. Logging at both levels need to be configured in
order for statistics for packets that match the condition to be logged. For example:
ServerIronADX(config)# ipv6 access-list acl2
ServerIronADX(config-ipv6-access-list-acl2)# logging-enable
ServerIronADX(config-ipv6-access-list-acl2)# permit tcp host
2002:200:12d:1300:204:23ff:fec7:dabf any eq http
ServerIronADX(config-ipv6-access-list-acl2)# deny icmp 2002:200:12d:1300::/64 any
echo-reply log
ServerIronADX(config-ipv6-access-list-acl2)# permit ipv6 any any
Syntax: [no] logging-enable
NOTE
Syntax for the log option in an IPv6 ACL statement are presented in the section “ACL Syntax” on
page 89.
NOTE
Permit logging is not currently supported.
 previous next