C
HAPTER
26
| Access Control Lists
IPv6 ACLs
– 961 –
to indicate the appropriate number of zeros required to fill the
undefined fields.
prefix-length - A decimal value indicating how many contiguous bits
(from the left) of the address comprise the prefix; i.e., the network
portion of the address. (Range: 0-128 for source prefix, 0-8 for
destination prefix)
dscp – DSCP traffic class. (Range: 0-63)
next-header – Identifies the type of header immediately following
the IPv6 header. (Range: 0-255)
time-range-name - Name of the time range.
(Range: 1-30 characters)
DEFAULT SETTING
None
COMMAND MODE
Extended IPv6 ACL
COMMAND USAGE
◆ All new rules are appended to the end of the list.
◆ Optional internet-layer information is encoded in separate headers that
may be placed between the IPv6 header and the upper-layer header in
a packet. There are a small number of such extension headers, each
identified by a distinct Next Header value. IPv6 supports the values
defined for the IPv4 Protocol field in RFC 1700, including these
commonly used headers:
0 : Hop-by-Hop Options (RFC 2460)
6 : TCP Upper-layer Header (RFC 1700)
17 : UDP Upper-layer Header (RFC 1700)
43 : Routing (RFC 2460)
44 : Fragment (RFC 2460)
51 : Authentication (RFC 2402)
50 : Encapsulating Security Payload (RFC 2406)
60 : Destination Options (RFC 2460)
EXAMPLE
This example accepts any incoming packets if the destination address is
2009:DB9:2229::79/8.
Console(config-ext-ipv6-acl)#permit 2009:DB9:2229::79/8
Console(config-ext-ipv6-acl)#
This allows packets to any destination address when the DSCP value is 5.
Console(config-ext-ipv6-acl)#permit any dscp 5
Console(config-ext-ipv6-acl)#
To Next Page
Loading...
