Step: Create an IPv6 advanced ACL and enter its view
Command: acl ipv6 number acl6-number [ name acl6-name ] [ match-order { auto | config } ]
Remarks: Required. By default, no ACL exists. IPv6 advanced ACLs are numbered in the range 3000 to 3999. You can use the acl ipv6 name acl6-name command to enter the view of an existing named IPv6 ACL.

Step: Configure a description for the IPv6 advanced ACL
Remarks: Optional. By default, an IPv6 advanced ACL has no ACL description.

Step: Set the rule numbering step

Command: rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | destination { dest dest-prefix | dest/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmp6-type { icmp6-type icmp6-code | icmp6-message } | logging | source { source source-prefix | source/source-prefix | any } | source-port operator port1 [ port2 ] | time-range time-range-name ] *
Remarks: Required. By default, an IPv6 advanced ACL does not contain any rule. To create or edit multiple rules, repeat this step. The logging keyword takes effect only when the module using the ACL supports logging.

Step: Configure or edit a rule description
Command: rule rule-id comment text
Remarks: Optional. By default, an IPv6 advanced ACL rule has no rule description.
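The following Python audit is an added example, not part of the manual or the vendor's tooling: it reads rules written in the syntax above and reports rules that can never match because an earlier, broader rule always matches first. It assumes match-order config (rules evaluated in ascending rule ID), explicit rule IDs, and that the protocol keyword ipv6 covers every protocol; the function names, the eq port operator usage and the sample ACL are constructed for illustration.

```python
import ipaddress
ANY = ipaddress.IPv6Network("::/0")
# Keywords from the rule syntax that narrow a match beyond protocol/source/destination.
NARROWING = {"ack", "fin", "psh", "rst", "syn", "urg", "established", "destination-port",
             "source-port", "dscp", "fragment", "icmp6-type", "time-range"}

def _net(tok, key):
    """Network after `key`: 'any', 'addr/len' or 'addr len' (both forms are in the syntax)."""
    if key not in tok or tok[tok.index(key) + 1] == "any":
        return ANY
    i = tok.index(key) + 1
    spec = tok[i] if "/" in tok[i] else f"{tok[i]}/{tok[i + 1]}"
    return ipaddress.IPv6Network(spec, strict=False)

def parse_rules(acl_text):
    """Parse 'rule <id> {deny|permit} <protocol> ...' lines; comment lines are skipped."""
    rules = []
    for line in acl_text.splitlines():
        tok = line.split()
        head_ok = len(tok) >= 4 and tok[0] == "rule" and tok[1].isdigit()
        if not head_ok or tok[2] not in ("deny", "permit"):
            continue
        rules.append({"id": int(tok[1]), "action": tok[2], "proto": tok[3],
                      "src": _net(tok, "source"), "dst": _net(tok, "destination"),
                      "broad": not NARROWING & set(tok[4:])})
    return sorted(rules, key=lambda r: r["id"])  # config order: ascending rule ID

def shadowed(acl_text):
    """Return (later_id, earlier_id) pairs where the earlier rule always matches first."""
    rules, hits = parse_rules(acl_text), []
    for n, later in enumerate(rules):
        for early in rules[:n]:
            if (early["broad"] and early["proto"] in ("ipv6", later["proto"])
                    and later["src"].subnet_of(early["src"])
                    and later["dst"].subnet_of(early["dst"])):
                hits.append((later["id"], early["id"]))
                break
    return hits

# Constructed sample ACL using documentation prefixes; not taken from the manual.
SAMPLE = """\
acl ipv6 number 3000 match-order config
 rule 0 permit tcp source 2001:db8:1::/48 destination 2001:db8:2::10/128 destination-port eq 443
 rule 5 permit ipv6 source 2001:db8:1::/48 destination 2001:db8:2::/64
 rule 10 deny tcp source 2001:db8:1:5::/64 destination 2001:db8:2::10 128 destination-port eq 22
 rule 10 comment block SSH from lab
 rule 15 deny ipv6 logging
"""
```

On the sample, rule 10 (the SSH deny) is reported as shadowed by rule 5, so the deny never takes effect until it is given a lower rule ID than the broad permit.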
Configuring an Ethernet frame header ACL
Ethernet frame header ACLs, also called Layer 2 ACLs, match packets based on Layer 2
protocol header fields such as source MAC address, destination MAC address, 802.1p
priority (VLAN priority), and link layer protocol type.