Ethernet Switches & Routers

Reply
New Contributor
Posts: 2
Registered: ‎12-13-2010

IPv6 admin ACL on an MLX

Hi All,

What is the recommended way to limit IPv6 management access to an MLX device? For IPv4 there is

telnet access-group ADMIN

ssh access-group ADMIN

snmp-server community 2 ... ro ADMIN

and so on... But what to do for IPv6?

//jb

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: IPv6 admin ACL on an MLX

One way is something like the following

NetIron(config)# ipv6 access-list fdry

NetIron(config-ipv6-access-list-fdry)# deny tcp host 2000:2382:e0bb::2 any eq

telnet

NetIron(config-ipv6-access-list-fdry)# deny tcp host 2000:2382:e0bb::2 any eq

ssh

NetIron(config-ipv6-access-list-fdry)# permit ipv6 any any

NetIron(config-ipv6-access-list-fdry)# exit

NetIron(config)# int eth 1/1

NetIron(config-if-1/1)# ipv6 traffic-filter fdry in

NetIron(config)# write memory

Thanks

Michael.

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: IPv6 admin ACL on an MLX

Hi,

     Did you test the ACL?  Does it meet your needs?

Thanks

Michael

New Contributor
Posts: 2
Registered: ‎12-13-2010

Re: IPv6 admin ACL on an MLX

Well no, not really, since It's not an admin ACL as such. If this was a good way to do it, there wouldn't be admin ACLs on Ipv4 either.

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: IPv6 admin ACL on an MLX

Hi Jakob

     I have doubled checked and this looks to be the only way that is listed in the manual for IPv6.  I would think the admin ACL's as simply predefined ACL's on IPv4.

Thanks

Michael.

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.