624 Configuring Access Control Lists
{deny | permit} {ipv6-
protocol | number |
every} {
source-ipv6-
prefix/prefix-length
| any
|
host source-ipv6-
address
} [{range
{
portkey
|
startport
}
{
portkey
|
endport
} |
{eq | neq | lt | gt}
{
portkey
|
0-65535
}]
{
destination-ipv6-
prefix/prefix-length
| any
|
host destination-ipv6-
address
} [{range
{
portkey
|
startport
}
{
portkey
|
endport
} |
{eq | neq | lt | gt}
{
portkey
|
0-65535
}]
[flag [+fin | -fin] [+syn
| -syn] [+rst | -rst]
[+psh | -psh] [+ack | -
ack] [+urg | -urg]
[established]] [flow-
label
value
] [icmp-type
icmp-type
[icmp-code
icmp-code
] | icmp-
message
icmp-message
]
[routing] [fragments]
[dscp
dscp
]}} [log]
[assign-queue
queue-id
]
[{mirror | redirect}
unit/slot/port
] [rate-
limit
rate burst-size
]
•{
deny | permit
}–Specifies whether the IP ACL rule
permits or denies the matching traffic.
•{
ipv6-protocol
|
number
|
every
}—Specifies the protocol
to match for the IP ACL rule.
– IPv4 protocols:
icmpv6, ipv6, tcp and udp
–
Every
: Match any protocol (don’t care)
•
source-ipv6-prefix
/prefixlength |
any | host
src-ipv6-
address
—Specifies a source IP address and netmask to
match for the IP ACL rule.
– For IPv6 ACLs, “any” implies a 0::/128 prefix and a
mask of all ones.
– Specifying “host X::X” implies a prefix length as “/128”
and a mask of 0::/128.
•[{range {
portkey
|
startport
} {
portkey
|
endport
} | {eq |
neq | lt | gt} {
portkey
|
0-65535
}]—Specifies the layer 4
destination port match condition for the IP/TCp/UDP
ACL rule. A destination port number, which ranges from
0-65535, can be entered, or a
portkey
, which can be one of
the following keywords: bgp, domain, echo, ftp, ftp-data,
http, ntp, pop2, pop3, rip, smtp, snmp, telnet, tftp,
telnet, time, who and www. Each of these keywords
translates into its equivalent destination port number.
– When “range” is specified, IPv6 ACL rule matches only
if the layer 4 port number falls within the specified
portrange. The
startport
and
endport
parameters
identify the first and last ports that are part of the port
range. They have values from 0 to 65535. The ending
port must have a value equal or greater than the
starting port. The starting port, ending port, and all
ports in between will be part of the layer 4 port range.
– When “eq” is specified, IPv6 ACL rule matches only if
the layer 4 port number is equal to the specified port
number or portkey.
– When “lt” is specified, IPv6 ACL rule matches if the
layer 4 destination port number is less than the
specified port number or portkey. It is equivalent to
specifying the range as 0 to <specified port number –
1>.
Command Purpose
To Next Page
Loading...
Need help?
General
