Blade ICE G8124-E Personal Computer User Manual


 
BLADEOS 6.5.2 Application Guide
82 Chapter 5: Access Control Lists BMD00220, October 2010
ACL Example 3
Use this configuration to block traffic from a specific IPv6 source address. All traffic that ingresses
in port 2 with source IP from class 2001:0:0:5:0:0:0:2/128 is denied.
1. Configure an Access Control List.
2. Add ACL 2 to port EXT2.
VLAN Maps
A VLAN map (VMAP) is an ACL that can be assigned to a VLAN or VM group rather than to a
switch port as with regular ACLs. This is particularly useful in a virtualized environment where
traffic filtering and metering policies must follow virtual machines (VMs) as they migrate between
hypervisors.
Note – VLAN maps for VM groups are not supported simultaneously on the same ports as vNICs
(see “Virtual NICs” on page 153).
The G8124 supports up to 127 VMAPs when the switch is operating in the default deployment
mode (see “Deployment Profiles” on page 147). VMAP menus and commands are not available in
the Routing deployment mode.
Individual VMAP filters are configured in the same fashion as regular ACLs, except that VLANs
cannot be specified as a filtering criteria (unnecessary, since the VMAP are assigned to a specific
VLAN or associated with a VM group VLAN).
RS G8124(config)# access-control list6 3 ipv6 source-address
2001:0:0:5:0:0:0:2 128
RS G8124(config)# access-control list6 3 action deny
RS G8124(config)# interface port 2
RS G8124(config-if)# access-control list6 3
RS G8124(config-if)# exit