Home Theater Server User Manual

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00a

101

102

103

104

105

106

107

108

109

110

Table Of Contents

ServerIron ADX Security Guide 95

53-1002440-03

Using an ACL to Restrict Telnet Access

ServerIronADX(config)# ipv6 access-list test2

ServerIronADX(config-ipv6-access-list test2)# deny ipv6 host 2000:1::1 any log

ServerIronADX(config-ipv6-access-list test2)# permit ipv6 2000:1::0/32 any

ServerIronADX(config-ipv6-access-list test2)# permit ipv6 2000:2::0/32 any

ServerIronADX(config-ipv6-access-list test2)# permit ipv6 host 2000:3::1 any

ServerIronADX(config-ipv6-access-list test2)# exit

ServerIronADX(config)# ssh access-group ipv6 test2

Syntax: [no] ssh access-group ipv6 <acl-name>

Using an ACL to Restrict Telnet Access

To configure an ACL that restricts Telnet access to an IPv6 device, first create the named ACL with

the ACL statements. Then use the telnet access-group command to restrict Telnet access for IPv6:

ServerIronADX(config)# ipv6 access-list test1

ServerIronADX(config-ipv6-access-list test1)# deny ipv6 host 2000:1::1 any log

ServerIronADX(config-ipv6-access-list test1)# permit ipv6 2000:1::0/32 any

ServerIronADX(config-ipv6-access-list test1)# permit ipv6 2000:2::0/32 any

ServerIronADX(config-ipv6-access-list test1)# permit ipv6 host 2000:3::1 any

ServerIronADX(config-ipv6-access-list test1)# exit

ServerIronADX(config)# telnet access-group ipv6 test1

Syntax: telnet access-group ipv6 <acl-name>

Logging IPv6 ACLs

Logging for IPv6 ACLs is disabled by default. To enable logging, enable it for each IPv6 ACL, then

include the logging option in an ACL statement. Logging at both levels need to be configured in

order for statistics for packets that match the condition to be logged. For example:

ServerIronADX(config)# ipv6 access-list acl2

ServerIronADX(config-ipv6-access-list-acl2)# logging-enable

ServerIronADX(config-ipv6-access-list-acl2)# permit tcp host

2002:200:12d:1300:204:23ff:fec7:dabf any eq http

ServerIronADX(config-ipv6-access-list-acl2)# deny icmp 2002:200:12d:1300::/64 any

echo-reply log

ServerIronADX(config-ipv6-access-list-acl2)# permit ipv6 any any

Syntax: [no] logging-enable

NOTE

Syntax for the log option in an IPv6 ACL statement are presented in the section “ACL Syntax” on

page 89.

NOTE

Permit logging is not currently supported.