CHAPTER 13 | Security Measures
Access Control Lists
CONFIGURING AN EXTENDED IPV6 ACL
Use the Security > ACL (Configure ACL - Add Rule - IPv6 Extended) page
to configure an Extended IPv6 ACL.
CLI REFERENCES
◆ "permit, deny (Extended IPv6 ACL)" on page 960
◆ "show ipv6 access-list" on page 963
◆ "Time Range" on page 762
PARAMETERS
These parameters are displayed in the web interface:
◆ Type – Selects the type of ACLs to show in the Name list.
◆ Name – Shows the names of ACLs matching the selected type.
◆ Action – An ACL can contain any combination of permit or deny rules.
◆ Source/Destination Address Type – Specifies the source or
destination IP address type. Use “Any” to include all possible addresses,
or “IPv6-Prefix” to specify a range of addresses. (Options: Any,
IPv6-Prefix; Default: Any)
◆ Source/Destination IPv6 Address – An IPv6 address or network
class. The address must be formatted according to RFC 2373 “IPv6
Addressing Architecture,” using 8 colon-separated 16-bit hexadecimal
values. One double colon may be used in the address to indicate the
appropriate number of zeros required to fill the undefined fields.
◆ Source/Destination Prefix-Length – A decimal value indicating how
many contiguous bits (from the left) of the address comprise the prefix;
i.e., the network portion of the address. (Range: 0-128 bits for the
source address; 0-8 bits for the destination address)
◆ DSCP – DSCP traffic class. (Range: 0-63)
◆ Next Header – Identifies the type of header immediately following the
IPv6 header. (Range: 0-255)
Optional internet-layer information is encoded in separate headers that
may be placed between the IPv6 header and the upper-layer header in
a packet. There are a small number of such extension headers, each
identified by a distinct Next Header value. IPv6 supports the values
defined for the IPv4 Protocol field in RFC 1700, and includes these
commonly used headers:
0 : Hop-by-Hop Options (RFC 2460)
6 : TCP Upper-layer Header (RFC 1700)
17 : UDP Upper-layer Header (RFC 1700)
43 : Routing (RFC 2460)
44 : Fragment (RFC 2460)
50 : Encapsulating Security Payload (RFC 2406)
51 : Authentication (RFC 2402)
60 : Destination Options (RFC 2460)
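The following is an added example, not taken from this manual or the switch software. It walks the Next Header chain of a raw IPv6 packet and evaluates a rule against the fields described above. The names `parse_ipv6`, `rule_matches`, `sample` and the rule dictionary layout are hypothetical, and the rule model assumes Next Header is compared with the value in the fixed IPv6 header, following the parameter definition.

```python
import ipaddress
import struct

EXT_HEADERS = {0, 43, 44, 51, 60}   # walkable extension headers from the list above


def parse_ipv6(packet: bytes):
    """Return (dscp, src, dst, chain); chain holds each Next Header value in order."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    vtf, _plen, nxt, _hop = struct.unpack("!IHBB", packet[:8])
    dscp = (vtf >> 22) & 0x3F                     # top 6 bits of Traffic Class
    src = ipaddress.IPv6Address(packet[8:24])
    dst = ipaddress.IPv6Address(packet[24:40])
    chain, off = [nxt], 40
    while nxt in EXT_HEADERS:
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        following, length = packet[off], packet[off + 1]
        chain.append(following)
        if nxt == 44:                             # Fragment: fixed 8 bytes, length byte reserved
            length = 0
            if struct.unpack("!H", packet[off + 2:off + 4])[0] >> 3:
                break                             # non-first fragment: no further headers here
        # Authentication counts 4-byte units minus 2; the others 8-byte units minus 1
        size = (length + 2) * 4 if nxt == 51 else (length + 1) * 8
        off, nxt = off + size, following
    return dscp, src, dst, chain


def rule_matches(rule: dict, packet: bytes) -> bool:
    """Hypothetical rule model: each field present in the rule must match."""
    dscp, src, dst, chain = parse_ipv6(packet)
    return (src in ipaddress.IPv6Network(rule.get("src", "::/0"))
            and dst in ipaddress.IPv6Network(rule.get("dst", "::/0"))
            and rule.get("dscp", dscp) == dscp
            and rule.get("next_header", chain[0]) == chain[0])


def sample(first_nh: int, ext: bytes = b"") -> bytes:
    """Constructed packet 2001:db8::1 -> 2001:db8:1::2, DSCP 46, dummy TCP bytes."""
    hdr = struct.pack("!IHBB", (6 << 28) | (46 << 22), len(ext) + 20, first_nh, 64)
    addrs = b"".join(ipaddress.IPv6Address(a).packed
                     for a in ("2001:db8::1", "2001:db8:1::2"))
    return hdr + addrs + ext + bytes(20)


PLAIN_TCP = sample(6)
HBH_TCP = sample(0, bytes([6, 0, 1, 4, 0, 0, 0, 0]))   # Hop-by-Hop + PadN, then TCP
RULE = {"src": "2001:db8::/32", "dst": "2000::/8", "dscp": 46, "next_header": 6}
```

Under this model `RULE` matches `PLAIN_TCP` but not `HBH_TCP`, whose fixed header carries Next Header 0 even though the chain ends in TCP, so a rule set intended to cover TCP should be reviewed with extension headers in mind.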