16
rule [ rule-id ] { deny |
permit } [ fragment | logging
| source { ipv6-address
prefix-length |
ipv6-address/prefix-length |
any } | time-range
time-range-name ] *
Required
By default, an IPv6 basic
ACL does not contain any
rule.
To create or edit multiple
rules, repeat this step.
The logging keyword takes
effect only when the
module using the ACL
supports logging.
Configure or edit a rule
description
rule rule-id comment text
Optional
By default, an IPv6 basic
ACL rule has no rule
description.
Configuring an advanced ACL
Configuring an IPv4 advanced ACL
IPv4 advanced ACLs match packets based on source and destination IP addresses,
protocols over IP, and other protocol header information, such as TCP/UDP source and
destination port numbers, TCP flags, ICMP message types, and ICMP message codes.
IPv4 advanced ACLs also allow you to filter packets based on three priority criteria: type
of service (ToS), IP precedence, and differentiated services codepoint (DSCP) priority.
Compared with IPv4 basic ACLs, IPv4 advanced ACLs allow of more flexible and
accurate filtering.
Follow these steps to configure an IPv4 advanced ACL:
Create an IPv4 advanced
ACL and enter its view
acl number acl-number
[ name acl-name ]
[ match-order { auto |
config } ]
Required
By default, no ACL exists.
IPv4 advanced ACLs are
numbered in the range 3000
to 3999.
You can use the acl name
acl-name command to
enter the view of an existing
named IPv4 ACL.
To Next Page
Loading...
Need help?
General
