ipv6 (management-policy)

Restricts management access to specified hosts and/or subnets, based on their IPv6 addresses and prefixes respectively.

Supported on the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

ipv6 restrict-access [host|ipv6-access-list|subnet]
ipv6 restrict-access host <IPv6> {log|subnet}
ipv6 restrict-access host <IPv6> {log [all|denied-only]}
ipv6 restrict-access host <IPv6> {subnet <IPv6-PREFIX> {log [all|denied-only]}}
ipv6 restrict-access ipv6-access-list <IPv6-ACCESS-LIST-NAME>
ipv6 restrict-access subnet <IPv6-PREFIX> {host|log}
ipv6 restrict-access subnet <IPv6-PREFIX> {log [all|denied-only]}
ipv6 restrict-access subnet <IPv6-PREFIX> {host <IPv6> {log [all|denied-only]}}

Parameters

ipv6 restrict-access host <IPv6> {log [all|denied-only]}
host <IPv6> Restricts management access to a specified host, based on the host's IPv6 address
  • <IPv6> – Specify the host's IPv6 address.
log [all|denied-only] Optional. Configures a logging policy for access requests
  • all – Logs all access requests, both denied and permitted
  • denied-only – Logs only denied access events (when a host is denied access)
ipv6 restrict-access host <IPv6> {subnet <IPv6-PREFIX> {log [all|denied-only]}}
host <IPv6> Restricts management access to a specified host, based on the host's IPv6 address
  • <IPv6> – Specify the host's IPv6 address.
subnet <IPv6-PREFIX> Optional. Restricts access to the host on a specified IPv6 subnet
  • <IPv6-PREFIX> – Specify the subnet's IPv6 prefix in the X:X::X:X/M format.
log [all|denied-only] Optional. Configures a logging policy for access requests
  • all – Logs all access requests, both denied and permitted
  • denied-only – Logs only denied access events (when a host/subnet is denied access)
ipv6 restrict-access ipv6-access-list <IPv6-ACCESS-LIST-NAME>
ipv6-access-list <IPv6-ACCESS-LIST-NAME> Uses an IPv6 ACL (Access Control List) to filter access requests. IPv6 ACLs filter/mark packets based on the IPv6 address from which they arrive. IPv6 hosts configure themselves automatically when connected to an IPv6 network using the ND (neighbor discovery) protocol via ICMPv6 router discovery messages. These hosts require firewall packet protection unique to IPv6 traffic, as IPv6 addresses are composed of eight groups of four hexadecimal digits separated by colons. A previously created IPv6 ACL can be used in the management policy context to permit or deny access to specific hosts and/or subnets.
  • <IPv6-ACCESS-LIST-NAME> – Specify the IPv6 ACL name.
ipv6 restrict-access subnet <IPv6-PREFIX> {log [all|denied-only]}
subnet <IPv6-PREFIX> Restricts management access to a specified IPv6 subnet
  • <IPv6-PREFIX> – Specify the subnet's IPv6 prefix in the X:X::X:X/M format.
log [all|denied-only] Optional. Configures a logging policy for access requests
  • all – Logs all access requests, both denied and permitted
  • denied-only – Logs only denied access events (when a host/subnet is denied access)
ipv6 restrict-access subnet <IPv6-PREFIX> {host <IPv6> {log [all|denied-only]}}
subnet <IPv6-PREFIX> Restricts management access to a specified IPv6 subnet
  • <IPv6-PREFIX> – Specify the subnet's IPv6 prefix in the X:X::X:X/M format.
host <IPv6> Optional. Restricts management access to a specific host within the specified subnet
  • <IPv6> – Specify the host's IPv6 address.
log [all|denied-only] Optional. Configures a logging policy for access requests
  • all – Logs all access requests, both denied and permitted
  • denied-only – Logs only denied access events (when a host/subnet is denied access)

Example

rfs4000-6DB5D4(config-management-policy-test)#ipv6 restrict-access host 2001:fdbc:06cf:0011::13 subnet 2001:fdbc:06cf:0011::0/64 log all
rfs4000-6DB5D4(config-management-policy-test)#show context
management-policy test
 http server
 no ssh
 ipv6 restrict-access host 2001:fdbc:06cf:0011::13 subnet 2001:fdbc:06cf:0011::0/64 log all
rfs4000-6DB5D4(config-management-policy-test)#
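
The following Python script is an added example, not part of the vendor documentation. It audits the ipv6 restrict-access lines of show context output against the syntax above and flags rules whose host lies outside the stated subnet, whose address or prefix does not parse, or that carry no log keyword. The function name audit_restrict_access and the "lab" policy lines are assumptions made for illustration.

```python
import ipaddress
import re

# Grammar follows the Syntax section above; the ACL name is an opaque token.
RULE = re.compile(
    r"^ipv6 restrict-access\s+(?:ipv6-access-list\s+(?P<acl>\S+)|"
    r"(?:host\s+(?P<h1>\S+)(?:\s+subnet\s+(?P<s1>\S+))?|"
    r"subnet\s+(?P<s2>\S+)(?:\s+host\s+(?P<h2>\S+))?)"
    r"(?:\s+log\s+(?P<log>all|denied-only))?)$"
)

# Constructed input: the first policy is the page's example; "lab" is made up
# to exercise each check and uses the 2001:db8::/32 documentation prefix.
SAMPLE = """\
management-policy test
 http server
 no ssh
 ipv6 restrict-access host 2001:fdbc:06cf:0011::13 subnet 2001:fdbc:06cf:0011::0/64 log all
management-policy lab
 ipv6 restrict-access host 2001:db8:1::13 subnet 2001:db8:2::/64 log denied-only
 ipv6 restrict-access subnet 2001:db8:3::/64
 ipv6 restrict-access subnet 2001:db8:3::/129 log all
"""

def audit_restrict_access(config_text):
    """Return one finding per 'ipv6 restrict-access' line in config_text."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line.startswith("ipv6 restrict-access"):
            continue
        m = RULE.match(line)
        if not m:
            findings.append({"line": line, "log": None,
                             "issues": ["does not match the documented syntax"]})
            continue
        host, subnet, issues = m["h1"] or m["h2"], m["s1"] or m["s2"], []
        try:
            host = ipaddress.IPv6Address(host) if host else None
            subnet = ipaddress.IPv6Network(subnet, strict=False) if subnet else None
            if host and subnet and host not in subnet:
                issues.append("host is outside the configured subnet")
        except ValueError as exc:  # bad address, or prefix not in X:X::X:X/M form
            issues.append(f"invalid address or prefix: {exc}")
        if not m["acl"] and m["log"] is None:
            issues.append("no logging policy set on this rule")
        findings.append({"line": line, "log": m["log"], "issues": issues})
    return findings

if __name__ == "__main__":
    for f in audit_restrict_access(SAMPLE):
        print(f["log"] or "-", "|", f["line"], "|", "; ".join(f["issues"]) or "ok")
```

Run against a saved show context capture, each finding lists the rule, its logging mode (all, denied-only, or none), and any issues found.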

Related Commands

no Removes management access restriction settings