Network OS Administration Guide

Supporting Network OS 6.0.1a

Part Number: 53-1003768-04

Creating an IPv6 ACL for SNMP

A standard ACL permits or denies traffic according to source address only. SNMP supports only standard ACLs.

  1. Enter configure to access global configuration mode.
    switch# configure
  2. Enter the ipv6 access-list standard command to create the access list.
    switch(config)# ipv6 access-list standard std_V6_ACL4
  3. For each ACL rule, enter a [seq] {permit | deny | hard-drop} command, specifying the needed parameters.
    switch(config-ip6acl-std)# seq 5 permit host 2001:db8::1:2
    switch(config-ip6acl-std)# seq 15 deny any
The following example does the following, under SNMPv1 or SNMPv2c:
  1. Creates an IPv6 standard ACL named "stdv6acl".
  2. Defines rules that permits packets from a specified host and denies packets from any other host.
  3. Configures the SNMP server community "c1", including application of the "stdv6acl" IPv6 ACL.
switch(config)# ipv6 access-list standard stdv6acl 
switch(conf-ip6acl-std)# permit fe::/24 
switch(conf-ip6acl-std)# deny any
switch(conf-ip6acl-std)# exit
switch(config)# snmp-server community c1 groupname admin ipv6-acl stdv6acl