Configuring Access Control Lists 537
Configuring an IPv6 ACL
Beginning in Privileged EXEC mode, use the following commands to create
an IPv6 ACL, configure rules for the ACL, and bind the ACL to an interface.
show mac access-lists
[
name
]
Display all MAC access lists and all of the rules that are
defined for the MAC ACL. Use the optional
name
parameter to identify a specific MAC ACL to display.
Command Purpose
configure Enter global configuration mode.
ipv6 access-list
name
Create a named IPv6 ACL. This command also enters IPv6
Access List Configuration mode. If an IPv6 ACL with this
name already exists, this command enters the mode to
update the existing ACL.
{permit | deny} {every |
{{icmp | igmp | ipv6 |
tcp | udp |
number
}
{any |
source ipv6
prefix/prefix length
} [eq
{
portkey
|
portvalue
}]
{any |
destination ipv6
prefix/prefix length
} [eq
{
portkey
|
portvalue
}]
[flow-label
value
] [dscp
dscp
]}} [log] [time-
range
time-range-name
]
[assign-queue
queue-id
]
[{mirror | redirect}
interface
]
Specify the match conditions for the IPv6 access list.
•
deny
|
permit
— Specifies whether the IP ACL rule
permits or denies an action.
•
every
— Allows all protocols.
•
number
— Standard protocol number or protocol
keywords
icmp
,
igmp
,
ipv6
,
tcp
,
udp
.
•
source ipv6 prefix
— IPv6 prefix in IPv6 global address
format.
•
prefix-length
— IPv6 prefix length value.
•
eq
— Equal. Refers to the Layer 4 port number being
used as a match criteria. The first reference is source
match criteria, the second is destination match criteria.
•
portkey
— Or you can specify the portkey, which can be
one of the following keywords:
domain
,
echo
,
efts
,
ftpdata
,
http
,
smtp
,
snmp
,
telnet
,
tftp
, and
www
.
•
portvalue
— The source layer 4 port match condition for
the ACL rule is specified by the port value parameter.
(Range: 0–65535).
Command Purpose
To Next Page
Loading...
