PurposeCommand or Action
include the input interface in the log entry. Logging is supported only
for router ACLs.
•
(Optional) Enter routing to specify that IPv6 packets be routed.
•
(Optional) Enter sequence value to specify the sequence number for
the access list statement. The acceptable range is from 1 to
4,294,967,295.
•
(Optional) Enter time-range name to specify the time range that
applies to the deny or permit statement.
(Optional) Define a TCP access list and the access conditions.{deny | permit} tcp
{source-ipv6-prefix/prefix-length | any | host
Step 5
Enter tcp for Transmission Control Protocol. The parameters are the same
as those described in Step 3a, with these additional optional parameters:
source-ipv6-address} [operator
[port-number]] {destination-ipv6-
• ack—Acknowledgment bit set.
prefix/prefix-length | any | host
destination-ipv6-address} [operator
• established—An established connection. A match occurs if the TCP
datagram has the ACK or RST bits set.
[port-number]] [ack] [dscp value]
[established] [fin] [log] [log-input] [neq {port
| protocol}] [psh] [range {port | protocol}]
• fin—Finished bit set; no more data from sender.
[rst] [routing] [sequence value] [syn]
[time-range name] [urg]
• neq {port | protocol}—Matches only packets that are not on a given
port number.
• psh—Push function bit set.
• range {port | protocol}—Matches only packets in the port number
range.
• rst—Reset bit set.
• syn—Synchronize bit set.
• urg—Urgent pointer bit set.
(Optional) Define a UDP access list and the access conditions.{deny | permit} udp
{source-ipv6-prefix/prefix-length | any | host
Step 6
Enter udp for the User Datagram Protocol. The UDP parameters are the
same as those described for TCP, except that the [operator [port]] port
source-ipv6-address} [operator [port-number]]
{destination-ipv6-prefix/prefix-length | any |
number or name must be a UDP port number or name, and the established
parameter is not valid for UDP.
host destination-ipv6-address} [operator
[port-number]] [dscp value] [log] [log-input]
[neq {port | protocol}] [range {port |
protocol}] [routing] [sequence value]
[time-range name]]
(Optional) Define an ICMP access list and the access conditions.{deny | permit} icmp
{source-ipv6-prefix/prefix-length | any | host
Step 7
Enter icmp for Internet Control Message Protocol. The ICMP parameters
are the same as those described for most IP protocols in Step 1, with the
source-ipv6-address} [operator [port-number]]
{destination-ipv6-prefix/prefix-length | any |
addition of the ICMP message type and code parameters. These optional
keywords have these meanings:
host destination-ipv6-address} [operator
[port-number]] [icmp-type [icmp-code] |
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1224
How to Configure IPv6 ACLs
To Next Page
Loading...
Need help?
General
