Configuring IPv4 and IPv6 Access Control Lists
Enters configuration mode.
Step 2
switch(config)# ip access-list List2 deny tcp 1.2.3.0 0.0.0.255 eq port 5 any
Denies TCP traffic from 1.2.3.0 through source port 5 to any destination.
Operand and port options for an IPv6-ACL
To use the operand and port options for an IPv6-ACL, follow these steps:
Procedure
Step 1
switch# configure terminal
Enters configuration mode.
Step 2
switch(config)# ip access-list List2 deny tcp 2001:0DB8:800:200C::/64 eq port 5 any
Denies TCP traffic from 2001:0DB8:800:200C::/64 through source port 5 to any destination.
Adding IP Filters to an Existing IPv4-ACL
After you create an IPv4-ACL or an IPv6-ACL, you can add subsequent IP filters at the end of the IPv4-ACL
or the IPv6-ACL. You cannot insert filters in the middle of an IPv4-ACL or an IPv6-ACL. Each configured
entry is automatically added to the end of an IPv4-ACL or an IPv6-ACL.
To add entries to an existing IPv4-ACL, follow these steps:
Procedure
Step 1
switch# configure terminal
Enters configuration mode.
Step 2
switch(config)# ip access-list List1 permit tcp 10.1.1.2 0.0.0.0 172.16.1.1 0.0.0.0 eq port telnet
Permits TCP for Telnet traffic.
Step 3
switch(config)# ip access-list List1 permit tcp 10.1.1.2 0.0.0.0 172.16.1.1 0.0.0.0 eq port http
Permits TCP for HTTP traffic.
Step 4
switch(config)# ip access-list List1 permit udp 10.1.1.2 0.0.0.0 172.16.1.1 0.0.0.0
Permits UDP for all traffic.
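The following is an added example, not part of the Cisco guide: a small offline evaluator for the IPv4 command form shown above, useful for checking what an append-only list actually permits before it is applied. It assumes entries are tested in the order entered with the first match deciding, and an implicit deny at the end of the list; the function names and the port 69 entry are constructed for illustration.

```python
import ipaddress

PORT_NAMES = {"telnet": 23, "http": 80}  # port keywords used on this page

def _addr(tok):
    """Consume 'any' or 'ADDR WILDCARD'; return (base, wildcard) as ints."""
    if tok[0] == "any":
        del tok[0]
        return 0, 0xFFFFFFFF
    base, wild = (int(ipaddress.IPv4Address(t)) for t in tok[:2])
    del tok[:2]
    return base, wild

def _port(tok):
    """Consume an optional 'eq port P' clause; None means any port."""
    if tok[:2] != ["eq", "port"]:
        return None
    name = tok[2]
    del tok[:3]
    return PORT_NAMES.get(name) or int(name)

def parse(line):
    """Parse one 'ip access-list NAME ...' command in the form shown above."""
    tok = line.split()[3:]          # drop 'ip access-list NAME'
    entry = {"action": tok.pop(0), "proto": tok.pop(0)}
    entry["src"], entry["sport"] = _addr(tok), _port(tok)
    entry["dst"], entry["dport"] = _addr(tok), _port(tok)
    return entry

def _hit(addr, spec):
    care = ~spec[1] & 0xFFFFFFFF    # wildcard bits set to 1 are ignored
    return (int(ipaddress.IPv4Address(addr)) & care) == (spec[0] & care)

def evaluate(acl, proto, src, sport, dst, dport):
    """Assumed first-match: return (action, entry index), else ('deny', None)."""
    for i, e in enumerate(acl):
        if (e["proto"] == proto and _hit(src, e["src"]) and _hit(dst, e["dst"])
                and e["sport"] in (None, sport) and e["dport"] in (None, dport)):
            return e["action"], i
    return "deny", None             # assumption: implicit deny at end of list

# The List1 entries from Steps 2-4 above, in the order they were entered.
LIST1 = [parse(c) for c in (
    "ip access-list List1 permit tcp 10.1.1.2 0.0.0.0 172.16.1.1 0.0.0.0 eq port telnet",
    "ip access-list List1 permit tcp 10.1.1.2 0.0.0.0 172.16.1.1 0.0.0.0 eq port http",
    "ip access-list List1 permit udp 10.1.1.2 0.0.0.0 172.16.1.1 0.0.0.0",
)]
# Constructed entry (not from the guide): a later deny can only land at the end.
LATE_DENY = parse("ip access-list List1 deny udp 10.1.1.2 0.0.0.0 172.16.1.1 0.0.0.0 eq port 69")
```

Evaluating UDP port 69 against LIST1 + [LATE_DENY] still returns the permit from the third entry, because the appended deny sits behind the broader UDP permit. A narrower deny therefore has to be entered before the broader permit when the list is first built.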
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x