71
Cisco Nexus 5500 Series NX-OS Security Command Reference
OL-27883-02
Chapter D Commands
deny ipv6 (IPv6)
Command Default None
Command Modes IPv6 ACL configuration
dscp dscp (Optional) Specifies that the rule matches only packets with the specified
6-bit differentiated services value in the DSCP field of the IPv6 header. The
dscp argument can be one of the following numbers or keywords:
• 0–63—The decimal equivalent of the 6 bits of the DSCP field. For
example, if you specify 10, the rule matches only packets that have the
following bits in the DSCP field: 001010.
• af11—Assured Forwarding (AF) class 1, low drop probability (001010)
• af12—AF class 1, medium drop probability (001100)
• af13—AF class 1, high drop probability (001110)
• af21—AF class 2, low drop probability (010010)
• af22—AF class 2, medium drop probability (010100)
• af23—AF class 2, high drop probability (010110)
• af31—AF class 3, low drop probability (011010)
• af32—AF class 3, medium drop probability (011100)
• af33—AF class 3, high drop probability (011110)
• af41—AF class 4, low drop probability (100010)
• af42—AF class 4, medium drop probability (100100)
• af43—AF class 4, high drop probability (100110)
• cs1—Class-selector (CS) 1, precedence 1 (001000)
• cs2—CS2, precedence 2 (010000)
• cs3—CS3, precedence 3 (011000)
• cs4—CS4, precedence 4 (100000)
• cs5—CS5, precedence 5 (101000)
• cs6—CS6, precedence 6 (110000)
• cs7—CS7, precedence 7 (111000)
• default—Default DSCP value (000000)
• ef—Expedited Forwarding (101110)
fragments (Optional) Specifies that the rule matches noninitial fragmented packets
only. The device considers noninitial fragmented packets to be packets with
a fragment extension header that contains a fragment offset that is not equal
to zero. You cannot specify this keyword in the same rule that you specify
Layer 4 options, such as a TCP port number, because the information that the
devices requires to evaluate those options is contained only in initial
fragments.
To Next Page
Loading...
