310 IPv6 Access List Commands
•
eq
— Equal. Refers to the Layer 4 port number being used as a match criteria. The first
reference is source match criteria, the second is destination match criteria.
•
portkey
— Or you can specify the portkey, which can be one of the following keywords:
domain
,
echo
,
efts
,
ftpdata
,
http
,
smtp
,
snmp
,
telnet
,
tftp
, and
www
.
•
portvalue
— The source layer 4 port match condition for the ACL rule is specified by the port
value parameter. (Range: 0–65535).
•
destination ipv6 prefix
— IPv6 prefix in IPv6 global address format.
•
flow label
value
— The value to match in the Flow Label field of the IPv6 header (Range
0–1048575).
•
dscp
dscp
— Specifies the TOS for an IPv6 ACL rule depending on a match of DSCP values
using the parameter dscp.
•
log
— Specifies that this rule is to be logged.
•
assign-queue
queue-id
— Specifies particular hardware queue for handling traffic that
matches the rule. (Range: 0-6)
•
mirror
interface
— Allows the traffic matching this rule to be copied to the specified
interface.
•
redirect
interface
— This parameter allows the traffic matching this rule to be forwarded to
the specified interface.
Default Configuration
This command has no default configuration.
Command Mode
Ipv6-Access-List Configuration mode
User Guidelines
Users are permitted to add rules, but if a packet does not match any user-specified rules, the
packet is dropped by the implicit “deny all” rule.
The 'no' form of this command is not supported, since the rules within an IPv6 ACL cannot be
deleted individually. Rather, the entire IPv6 ACL must be deleted and re specified.
Example
The following example creates rules in an IPv6 ACL named “STOP_HTTP” to discard any
HTTP traffic from the 2001:DB8::/32 network, but allow all other traffic from that network:
console(config)#ipv6 access-list STOP_HTTP
console(Config-ipv6-acl)#deny ipv6 2001:DB8::/32 any eq http
console(Config-ipv6-acl)#permit ipv6 2001:DB8::/32 any
To Next Page
Loading...
