ACL Commands
123 OL-32830-01 Command Line Interface Reference Guide
4
If a range of ports is used for source port it is counted again if it is also used for
destination port.
If ace-priority is omitted, the system sets the rule's priority to the current highest
priority ACE (in the current ACL) + 20. The ACE-priority must be unique per ACL.If
the user types already existed priority, then the command is rejected.
Example
This example defines an ACL by the name of server and enters a rule (ACE) for tcp
packets.
switchxxxxxx(config)# ipv6 access-list
server
switchxxxxxx(config-ipv6-al)# permit
tcp
3001::2/64
any
any
80
4.6 deny ( IPv6 )
Use the deny command in Ipv6 Access-list Configuration mode to set permit
conditions (ACEs) for IPv6 ACLs. Use the no form of the command to remove the
access control entry.
Syntax
deny
protocol {any | {source-prefix/length}{any | destination- prefix/length}
[
ace-priority
priority][dscp number | precedence number] [
time-range
time-range-name] [disable-port |log-input ]
deny
icmp {any | {source-prefix/length}{any | destination- prefix/length}
{any|icmp-type} {any|icmp-code} [
ace-priority
priority][dscp number | precedence
number] [
time-range
time-range-name] [disable-port |log-input ]
deny
tcp {any | {source-prefix/length} {any | source-port/port-range}}{any |
destination- prefix/length} {any| destination-port/port-range} [
ace-priority
priority][dscp number | precedence number] [match-all list-of-flags] [
time-range
time-range-name] [disable-port |log-input ]
deny
udp {any | {source-prefix/length}} {any | source-port/port-range}}{any |
destination- prefix/length} {any| destination-port/port-range} [
ace-priority
priority][dscp number | precedence number] [
time-range
time-range-name]
[disable-port |log-input ]
no deny
protocol {any | {source-prefix/length}{any | destination- prefix/length}
[dscp number | precedence number] [
time-range
time-range-name] [disable-port
|log-input ]
To Next Page
Loading...
Need help?
General
