IP Configuration
IPv6 Management and Interfaces
STEP 1
STEP 2
STEP 3
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
IPv6 Prefix List
When First Hop Security is configured, it is possible to define rules for filtering
based on IPv6 prefixes. These lists can be defined in the IPv6 Prefix List page.
Prefix lists are configured with permit or deny keywords to either permit or deny a
prefix based on a matching condition. An implicit deny is applied to traffic that
does not match any prefix-list entry.
A prefix-list entry consists of an IP address and a bit mask. The IP address can be
for a classful network, a subnet, or a single host route. The bit mask is a number
from 1 to 32.
Prefix lists are configured to filter traffic based on a match of an exact prefix length
or a match within a range when the ge and le keywords are used.
The Greater Than and Lower Than parameters are used to specify a range of
prefix lengths and provide more flexible configuration than using only the network/
length argument. A prefix list is processed using an exact match when neither the
Greater Than nor Lower Than parameter is specified. If only the Greater Than
parameter is specified, the range is the value entered for Greater Than to a full 32-
bit length. If only Lower Than is specified, the range is from the value entered for
the network/length argument to the Lower Than. If both the Greater Than and
Lower Than arguments are entered, the range is between the values used for
Greater Than and Greater Than.
To create a prefix list:
(In Layer 3) Click IP Configuration > IPv6 Management Interfaces > IPv6 Prefix
List.
-or
(In Layer 2)Click Administration > IPv6 Management Interfaces > IPv6 Prefix
List.
Click Add.
Enter the following fields:
•
List Name—Select one of the following options:
-
Use Existing List—Select a previously-defined list to add a prefix to it.
-
Create New List—Enter a name to create a new list.
17
311