Command or Action:
[port-number]] [ack] [dscp value] [established] [fin] [log] [log-input] [neq {port | protocol}] [psh] [range {port | protocol}] [rst] [routing] [sequence value] [syn] [time-range name] [urg]

Purpose:
• established—An established connection. A match occurs if the TCP datagram has the ACK or RST bits set.
• fin—Finished bit set; no more data from sender.
• neq {port | protocol}—Matches only packets that are not on a given port number.
• psh—Push function bit set.
• range {port | protocol}—Matches only packets in the port number range.
• rst—Reset bit set.
• syn—Synchronize bit set.
• urg—Urgent pointer bit set.

Step 5
Command or Action:
{deny | permit} udp {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [operator [port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address} [operator [port-number]] [dscp value] [log] [log-input] [neq {port | protocol}] [range {port | protocol}] [routing] [sequence value] [time-range name]]

Purpose:
(Optional) Define a UDP access list and the access conditions.
Enter udp for the User Datagram Protocol. The UDP parameters are the same as those described for TCP, except that the [operator [port]] port number or name must be a UDP port number or name, and the established parameter is not valid for UDP.

Step 6
Command or Action:
{deny | permit} icmp {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [operator [port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address} [operator [port-number]] [icmp-type [icmp-code] | icmp-message] [dscp value] [log] [log-input] [routing] [sequence value] [time-range name]

Purpose:
(Optional) Define an ICMP access list and the access conditions.
Enter icmp for Internet Control Message Protocol. The ICMP parameters are the same as those described for most IP protocols in Step 1, with the addition of the ICMP message type and code parameters. These optional keywords have these meanings:
• icmp-type—Enter to filter by ICMP message type, a number from 0 to 255.
• icmp-code—Enter to filter ICMP packets by ICMP message code, a number from 0 to 255.
• icmp-message—Enter to filter ICMP packets by the ICMP message type name or the ICMP message type and code name. To see a list of ICMP message type names and code names, use the ? key or see the command reference for this release.

Step 7
Command or Action: end
Purpose: Return to privileged EXEC mode.

Step 8
Command or Action: show ipv6 access-list
Purpose: Verify the access list configuration.

Step 9
Command or Action: copy running-config startup-config
Purpose: (Optional) Save your entries in the configuration file.
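
The following configuration is an added example, not taken from the Cisco guide, that applies the UDP, ICMP, verify and save steps above in one pass. The ACL name V6-EDGE-IN, the sequence numbers and the 2001:DB8::/32 documentation addresses are assumptions chosen for illustration.

```cisco
! Constructed example. ACL name, sequence numbers and addresses are placeholders.
configure terminal
ipv6 access-list V6-EDGE-IN
 ! TCP return traffic can be matched statelessly with established
 ! (matches when the ACK or RST bit is set).
 permit tcp any any established sequence 10
 ! established is not valid for UDP, so DNS replies are matched
 ! by the resolver's address and source port instead.
 permit udp host 2001:DB8::53 eq 53 any sequence 20
 ! range matches a span of destination UDP ports on one host.
 permit udp any host 2001:DB8::10 range 5000 5010 sequence 30
 ! ICMP by numeric type and code: type 2 code 0 is Packet Too Big,
 ! which path MTU discovery depends on.
 permit icmp any any 2 0 sequence 40
 ! Type 128 code 0 is Echo Request.
 deny icmp any any 128 0 sequence 50
 end
! Step 8: confirm the entries and their order.
show ipv6 access-list
! Step 9: persist the configuration across reloads.
copy running-config startup-config
```

Because UDP entries cannot use established, entry 20 admits any UDP packet from that host with source port 53, so keep the source as specific as the design allows.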
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
160 OL-29434-01
Configuring IPv6 ACLs
How to Configure IPv6 ACLs