Cisco WS-C3560V2-24TS-E Command Reference - Page 328
permit any any
View all Cisco WS-C3560V2-24TS-E manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 328 highlights
permit (IPv6 access-list configuration) Chapter 2 Catalyst 3560 Switch Cisco IOS Commands This is a list of ICMP message names: beyond-scope echo-reply header mld-query mld-report nd-ns no-admin packet-too-big parameter-problem reassembly-timeout renum-result router-advertisement router-solicitation unreachable destination-unreachable echo-request hop-limit mld-reduction nd-na next-header no-route parameter-option port-unreachable renum-command renum-seq-number router-renumbering time-exceeded Examples This example configures two IPv6 access lists named OUTBOUND and INBOUND and applies both access lists to outbound and inbound traffic on a Layer 3 interface. The first and second permit entries in the OUTBOUND list permit all TCP and UDP packets from network 2001:ODB8:0300:0201::/64 to leave the interface. The deny entry in the OUTBOUND list prevents all packets from the network FE80:0:0:0201::/64 (packets that have the link-local prefix FE80:0:0:0201 as the first 64 bits of their source IPv6 address) from leaving the interface. The third permit entry in the OUTBOUND list permits all ICMP packets to exit the interface. The permit entry in the INBOUND list permits all ICMP packets to enter the interface. Switch(config)#ipv6 access-list OUTBOUND Switch(config-ipv6-acl)# permit tcp 2001:0DB8:0300:0201::/64 any Switch(config-ipv6-acl)# permit udp 2001:0DB8:0300:0201::/64 any Switch(config-ipv6-acl)# deny FE80:0:0:0201::/64 any Switch(config-ipv6-acl)# permit icmp any any Switch(config-ipv6-acl)# exit Switch(config)#ipv6 access-list INBOUND Switch(config-ipv6-acl)# permit icmp any any Switch(config-ipv6-acl)# exit Switch(config)# interface gigabitethernet0/3 Switch(config-if)# no switchport Switch(config-if)# ipv6 address 2001::/64 eui-64 Switch(config-if)# ipv6 traffic-filter OUTBOUND out Switch(config-if)# ipv6 traffic-filter INBOUND in Note Given that a permit any any statement is not included as the last entry in the OUTBOUND or INBOUND access list, only TCP, UDP, and ICMP packets are permitted out of and into the interface (the implicit deny-all condition at the end of the access list denies all other packet types on the interface). 2-296 Catalyst 3560 Switch Command Reference 78-16405-05