Cisco Nexus 5500 Series NX-OS Security Command Reference
OL-27883-02
Chapter P Commands
permit ipv6 (IPv6)
Command Default None
Command Modes IPv6 ACL configuration mode
Command History
Usage Guidelines
A newly created IPv6 ACL contains no rules.
When the device applies an IPv6 ACL to a packet, it evaluates the packet with every rule in the ACL.
The device enforces the first rule whose conditions are satisfied by the packet. When the conditions of
more than one rule are satisfied, the device enforces the rule with the lowest sequence number.
Source and Destination
You can specify the source and destination arguments in one of several ways. In each rule, the method
you use to specify one of these arguments does not affect how you specify the other. When you configure
a rule, use the following methods to specify the source and destination arguments:
• Address and variable-length subnet mask—You can use an IPv6 address followed by a
variable-length subnet mask (VLSM) to specify a host or a network as a source or destination. The
syntax is as follows:
IPv6-address/prefix-len
This example shows how to specify the source argument with the IPv6 address and VLSM for the
2001:0db8:85a3:: network:
switch(config-acl)# permit ipv6 2001:0db8:85a3::/48 any
• Host address—You can use the host keyword and an IPv6 address to specify a host as a source or
destination. The syntax is as follows:
host IPv6-address
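The first-match evaluation and the source and destination forms described above, as an added Python model (not Cisco code and not part of the original reference). It covers only source and destination matching on `permit ipv6` and `deny ipv6` rules; protocol, port, fragments, and any implicit rules are not modeled, and the function names and sample ACL are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    seq: int
    action: str
    src: ipaddress.IPv6Network
    dst: ipaddress.IPv6Network

def _addr(tokens):
    """Consume one argument: any | host IPv6-address | IPv6-address/prefix-len."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.IPv6Network("::/0")
    if tok == "host":
        return ipaddress.IPv6Network(tokens.pop(0) + "/128")
    return ipaddress.IPv6Network(tok)

def parse_rule(line):
    """Parse '<seq> permit|deny ipv6 <source> <destination>' (the subset modeled)."""
    tokens = line.split()
    if tokens[1] not in ("permit", "deny") or tokens[2] != "ipv6":
        raise ValueError(f"unsupported rule: {line!r}")
    rest = tokens[3:]
    src = _addr(rest)
    return Rule(int(tokens[0]), tokens[1], src, _addr(rest))

def evaluate(rules, src, dst):
    """First match in ascending sequence order; None if no explicit rule matches."""
    s, d = ipaddress.IPv6Address(src), ipaddress.IPv6Address(dst)
    for rule in sorted(rules, key=lambda r: r.seq):
        if s in rule.src and d in rule.dst:
            return rule
    return None

def shadowed(rules):
    """(later_seq, earlier_seq) pairs where the earlier rule covers the later one."""
    ordered = sorted(rules, key=lambda r: r.seq)
    return [(later.seq, early.seq) for i, later in enumerate(ordered)
            for early in ordered[:i]
            if later.src.subnet_of(early.src) and later.dst.subnet_of(early.dst)]

# Constructed sample ACL: rule 20 targets one host but follows the broader rule 10.
ACL = [parse_rule(l) for l in (
    "10 permit ipv6 2001:0db8:85a3::/48 any",
    "20 deny ipv6 host 2001:0db8:85a3::10 any",
    "30 deny ipv6 any any")]
if __name__ == "__main__":
    print(evaluate(ACL, "2001:db8:85a3::10", "2001:db8::1"), shadowed(ACL))
```

Because rule 10 has the lower sequence number, the host that rule 20 is meant to deny is permitted; giving the host rule a sequence number below 10 removes the shadowing.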
fragments
(Optional) Specifies that the rule matches noninitial fragmented packets
only. The device considers noninitial fragmented packets to be packets with
a fragment extension header that contains a fragment offset that is not equal
to zero. You cannot specify this keyword in the same rule in which you specify
Layer 4 options, such as a TCP port number, because the information that the
device requires to evaluate those options is contained only in initial
fragments.
log
(Optional) Specifies that the device generates an informational logging
message about each packet that matches the rule. The message includes the
following information:
• Protocol
• Source and destination addresses
• Source and destination port numbers, if applicable
Release        Modification
5.2(1)N1(1)    This command was introduced.