1-12
To do… Use the command… Remarks
Create or edit a rule
rule
[ rule-id ] {
deny
|
permit
} protocol
[ {
established
| {
ack
ack-value |
fin
fin-value |
psh
psh-value |
rst
rst-value |
syn
syn-value |
urg
urg-value } * } |
destination
{ dest dest-prefix |
dest/dest-prefix |
any
} |
destination-port
operator port1 [ port2 ]
|
dscp
dscp |
fragment
|
icmpv6-type
{ icmpv6-type icmpv6-code |
icmpv6-message } |
logging
|
source
{ source source-prefix |
source/source-prefix
| any
} |
source-port
operator port1 [ port2 ] |
time-range
time-range-name ] *
Required
By default IPv6 advanced ACL
does not contain any rule.
To create or edit multiple rules,
repeat this step.
Note that if the ACL is to be
referenced by a QoS policy for
traffic classification, the
logging
and
fragment
keywords are not
supported and the operator
argument cannot be:
z neq, if the policy is for the
inbound traffic,
z gt, lt, neq or range, if the
policy is for the outbound
traffic.
Configure or edit a rule
description
rule
rule-id
comment
text
Optional
By default, an IPv6 ACL rule has
no rule description.
Note that:
z You can only modify the existing rules of an ACL that uses the match order of config. When
modifying a rule of such an ACL, you may choose to change just some of the settings, in which
case the other settings remain the same.
z You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an
existing rule in the ACL.
z When the ACL match order is auto, a newly created rule will be inserted among the existing rules
in the depth-first match order. Note that the IDs of the rules still remain the same.
You can modify the match order of an IPv6 ACL with the acl ipv6 number acl6-number [ name
acl6-name ] match-order { auto | config } command but only when it does not contain any rules.
Configuring an Ethernet Frame Header ACL
Ethernet frame header ACLs, also called Layer 2 ACLs, match packets based on Layer 2 protocol
header fields such as source MAC address, destination MAC address, 802.1p priority (VLAN priority),
and link layer protocol type.
To Next Page
Loading...
Need help?
General
