BigIron RX Series Configuration Guide, 53-1001810-01
Configuring an IPv6 ACL

Example configurations

To configure an access list that blocks all Telnet traffic received on port 1/1 from IPv6 host 2000:2382:e0bb::2, enter the following commands.

BigIron RX(config)# ipv6 access-list fdry
BigIron RX(config-ipv6-access-list-fdry)# deny tcp host 2000:2382:e0bb::2 any eq telnet
BigIron RX(config-ipv6-access-list-fdry)# permit ipv6 any any
BigIron RX(config-ipv6-access-list-fdry)# exit
BigIron RX(config)# int eth 1/1
BigIron RX(config-if-1/1)# ipv6 traffic-filter fdry in
BigIron RX(config)# write memory

Here is another example of commands for configuring an ACL and applying it to an interface.

BigIron RX(config)# ipv6 access-list netw
BigIron RX(config-ipv6-access-list-netw)# permit icmp 2000:2383:e0bb::/64 2001:3782::/64
BigIron RX(config-ipv6-access-list-netw)# deny ipv6 host 2000:2383:e0ac::2 host 2000:2383:e0aa:0::24
BigIron RX(config-ipv6-access-list-netw)# deny udp any any
BigIron RX(config-ipv6-access-list-netw)# permit ipv6 any any

The first condition permits ICMP traffic from hosts in the 2000:2383:e0bb::x network to hosts in the 2001:3782::x network.

The second condition denies all IPv6 traffic from host 2000:2383:e0ac::2 to host 2000:2383:e0aa:0::24.

The third condition denies all UDP traffic.

The fourth condition permits all packets that are not explicitly denied by the other entries. Without this entry, the ACL would deny all incoming IPv6 traffic on the ports to which you assigned the ACL.

The following commands apply the ACL "netw" to the incoming traffic on port 1/2 and to the incoming traffic on port 4/3.

BigIron RX(config)# int eth 1/2
BigIron RX(config-if-1/2)# ipv6 traffic-filter netw in
BigIron RX(config-if-1/2)# exit
BigIron RX(config)# int eth 4/3
BigIron RX(config-if-4/3)# ipv6 traffic-filter netw in
BigIron RX(config)# write memory

Here is another example of an ACL.

BigIron RX(config)# ipv6 access-list nextone
BigIron RX(config-ipv6-access-list rtr)# deny tcp 2001:1570:21::/24 2001:1570:22::/24
BigIron RX(config-ipv6-access-list rtr)# deny udp any range 5 6 2001:1570:22::/24
BigIron RX(config-ipv6-access-list rtr)# permit ipv6 any any
BigIron RX(config-ipv6-access-list rtr)# write memory

The first condition in this ACL denies TCP traffic from the 2001:1570:21::x network to the 2001:1570:22::x network.

The next condition denies UDP packets from any source with a source UDP port in the range 5 to 6 and whose destination is the 2001:1570:22::/24 network.
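
The ordering of the "netw" entries and the effect of its final permit entry can be checked offline before an ACL is applied to a port. The following Python sketch is an added example, not part of the guide and not the device's implementation. It assumes first-match evaluation with a deny when no entry matches, as the guide's description implies, and models only protocol and address matching (no port operators). The function names and test packets are constructed for illustration.

```python
import ipaddress

# The "netw" ACL entries from the page, as typed at the CLI.
NETW = """\
permit icmp 2000:2383:e0bb::/64 2001:3782::/64
deny ipv6 host 2000:2383:e0ac::2 host 2000:2383:e0aa:0::24
deny udp any any
permit ipv6 any any
"""

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host <addr>' or '<prefix>/<len>'."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.ip_network("::/0")
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/128")
    return ipaddress.ip_network(tok, strict=False)

def parse_acl(text):
    """Parse entries of the form '<action> <proto> <src> <dst>' (hypothetical helper)."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = _take_addr(tokens), _take_addr(tokens)
        if tokens:
            raise ValueError(f"unsupported trailing tokens: {tokens}")
        entries.append((action, proto, src, dst))
    return entries

def evaluate(entries, proto, src, dst):
    """Return (action, entry number) of the first match; ('deny', None) means no entry matched."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, (action, e_proto, e_src, e_dst) in enumerate(entries, 1):
        if e_proto in ("ipv6", proto) and src in e_src and dst in e_dst:
            return action, n
    return "deny", None

if __name__ == "__main__":
    acl = parse_acl(NETW)
    packets = [  # constructed test packets: (protocol, source, destination)
        ("icmp", "2000:2383:e0bb::5", "2001:3782::9"),
        ("tcp", "2000:2383:e0ac::2", "2000:2383:e0aa:0::24"),
        ("udp", "2000:2383:e0bb::5", "2001:3782::9"),
        ("tcp", "2000:2383:e0bb::5", "2001:3782::9"),
    ]
    for p in packets:
        print(p, "full ACL:", evaluate(acl, *p), "without last entry:", evaluate(acl[:-1], *p))
```

Running it shows the last packet permitted by entry 4 under the full ACL and denied once that entry is removed, which is the behavior the fourth condition exists to prevent.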