204 MES3000 Ethernet switch series
As soon as at least one record has been added to an ACL, the following records are appended to the end of the list:
permit-icmp any any nd-ns any
permit-icmp any any nd-na any
deny ipv6 any any
The first two of these records allow IPv6 devices to be discovered using the ICMPv6
protocol. The last one means that all packets that do not meet the ACL
requirements will be dropped.
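The effect of the appended records can be checked with a small model of the ACL (an added example, not part of the manual). The tuple record format, the function names and the sample ACLs are assumptions; records are assumed to be evaluated in order with the first match deciding, and ports, DSCP and the other options are not modelled.

```python
import ipaddress

# Records the manual says are appended once an ACL has at least one record.
IMPLICIT_TAIL = [
    ("permit", "icmp", "any", "any", "nd-ns"),
    ("permit", "icmp", "any", "any", "nd-na"),
    ("deny", "ipv6", "any", "any", "any"),
]
ND_TYPES = {"nd-ns": 135, "nd-na": 136}  # ICMPv6 type numbers (RFC 4861)

def _in_prefix(prefix, addr):
    return prefix == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)

def _matches(rec, pkt):
    _action, proto, src, dst, icmp_type = rec
    if proto != "ipv6" and proto != pkt["proto"]:
        return False
    if not (_in_prefix(src, pkt["src"]) and _in_prefix(dst, pkt["dst"])):
        return False
    if proto == "icmp" and icmp_type != "any":
        return ND_TYPES.get(icmp_type, icmp_type) == pkt.get("icmp_type")
    return True

def evaluate(user_records, pkt):
    """Return (action, hit_implicit_record); (None, False) for an empty ACL."""
    if not user_records:  # the manual describes the tail only for non-empty ACLs
        return None, False
    for index, rec in enumerate(list(user_records) + IMPLICIT_TAIL):
        if _matches(rec, pkt):
            return rec[0], index >= len(user_records)
    raise AssertionError("unreachable: the final implicit record matches everything")

# Constructed sample data (documentation prefix 2001:db8::/32).
TCP_ONLY = [("permit", "tcp", "2001:db8:1::/64", "any", "any")]
ICMP_BLOCKED = [("deny", "icmp", "any", "any", "any")] + TCP_ONLY
NS = {"proto": "icmp", "src": "fe80::1", "dst": "ff02::1:ff00:10", "icmp_type": 135}
ECHO = {"proto": "icmp", "src": "2001:db8:1::5", "dst": "2001:db8:2::10", "icmp_type": 128}
UDP = {"proto": "udp", "src": "2001:db8:1::5", "dst": "2001:db8:2::10"}

if __name__ == "__main__":
    for name, acl in (("TCP_ONLY", TCP_ONLY), ("ICMP_BLOCKED", ICMP_BLOCKED)):
        for label, pkt in (("NS", NS), ("ECHO", ECHO), ("UDP", UDP)):
            print(name, label, evaluate(acl, pkt))
```

In the second sample ACL the operator's own broad ICMP deny matches neighbor solicitations before the appended permits are reached, so any ICMP deny placed in such a list should be checked against the nd-ns and nd-na types.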
Table 5.249 Configuration commands for IPv6-based ACLs
permit protocol
{any | source_prefix/length}
{any | destination_prefix/length}
[dscp dscp | precedence precedence]
[time-range time_name]
[offset-list offset_list_name]
Adds a permit filter record for a protocol. Packets that meet the
record's requirements will be processed by the switch.
permit icmp
{any | source_prefix/length}
{any | destination_prefix/length}
{any | icmp_type}
{any | icmp_code}
[dscp dscp | precedence precedence]
[time-range time_name]
[offset-list offset_list_name]
Adds a permit filter record for ICMP. Packets that meet the
record's requirements will be processed by the switch.
permit tcp
{any | source_prefix/length}
{any | source_port}
{any | destination_prefix/length}
{any | destination_port}
[dscp dscp | precedence precedence]
[time-range time_name]
[match-all list_of_flags]
[offset-list offset_list_name]
Adds a permit filter record for TCP. Packets that meet the
record's requirements will be processed by the switch.
permit udp
{any | source_prefix/length}
{any | source_port}
{any | destination_prefix/length}
{any | destination_port}
[dscp dscp | precedence precedence]
[time-range time_name]
[offset-list offset_list_name]
Adds a permit filter record for UDP. Packets that meet the
record's requirements will be processed by the switch.
deny protocol
{any | source_prefix/length}
{any | destination_prefix/length}
[dscp dscp | precedence precedence]
[time-range time_name]
[disable-port | log-input]
[offset-list offset_list_name]
Adds a deny filter record for a protocol. Packets that meet the
record's requirements will be blocked by the switch. If the disable-port
keyword is specified, the physical interface receiving the packet will be
disabled. If the log-input keyword is specified, a message will
be sent to the system log.
deny icmp
{any | source_prefix/length}
{any | destination_prefix/length}
{any | icmp_type}
{any | icmp_code}
[dscp dscp | precedence precedence]
[time-range time_name]
[disable-port | log-input]
[offset-list offset_list_name]
Adds a deny filter record for ICMP. Packets that meet the
record's requirements will be blocked by the switch. If the disable-port
keyword is specified, the physical interface receiving the packet will be
disabled. If the log-input keyword is specified, a message will
be sent to the system log.