202 MES1000, MES2000 Ethernet Switches
(134), nd-ns (135), nd-na (136).
It is used for filtration of ICMP packets. Possible field values:
0–255.
Possible values of the TCP port field: bgp (179),
chargen (19), daytime (13), discard (9), domain (53), drip
(3949), echo (7), finger (79), ftp (21), ftp-data (20), gopher
(70), hostname (42), irc (194), klogin (543), kshell (544), lpd
(515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc
(1110, syslog (514), tacacs-ds (49), talk (517), telnet (23), time
(37), uucp (117), whois (43), www (80);
for UDP port biff (512), bootpc (68), bootps (67), discard (9),
dnsix (90), domain (53), echo (7 ), mobile-ip (434), nameserver
(42), netbios-dgm (138), netbios-ns (137), on500-isakmp
(4500), ntp (123), rip (520), snmp (161), snmptrap (162),
sunrpc (111), syslog (514), tacacs-ds (49), talk (517), tftp (69),
time (37), who (513), xdmcp (177).
Any number (0–65535).
If a flag should be set for a filtration rule, "+" is specified
before the flag; otherwise "-" is specified. Possible flags: +urg,
+ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst, -syn, and -fin.
Disables the port which was used to send a packet fulfilling the
requirements of a deny command, which describes the field.
Enables message log registration when a packet is received
which corresponds to the record.
Name of the bit fields list
Specifies that the user templates list should be used for
packets recognition. Every ACL may have its own templates list
defined.
The index indicates position of the rule in a table. The lower
the index, the higher is the priority (1–2,147,483,647).
In order to select the whole range of parameters except dscp and ip-precedence, the any
parameter is used.
As soon as at least one record has been added to ACL, the following last records are added:
permit-icmp any any nd-ns any
permit-icmp any any nd-na any
deny ipv6 any any
The first two of these records enable search of IPv6 devices with the help of the ICMPv6
protocol. The last of them means that all packets, which do not fulfil ACL
requirements, will be ignored.
Table 5.245—Configuration commands for IPv6-based ACLs
permit protocol
{any|source_prefix/length}
{ any|destination_prefix/length}
[dscp dscp | precedence precedence]
[time-range time_name]
[offset-list offset_list_name]
Adds a permit filtration record for a protocol. Packets which fulfil the
record's requirements will be processed by the switch.
permit icmp
{any|source_prefix/length}
{ any|destination_prefix/length}
{any|icmp_type}
{any|icmp_code}
[dscp dscp | precedence precedence]
[time-range time_name]
[offset-list offset_list_name]
Adds a permit filtration record for the ICMP protocol. Packets which fulfil
the record's requirements will be processed by the switch.