28
Parameters Function Description
established
Specifies the flags
for indicating the
established status of
a TCP connection.
Parameter specific to TCP.
The rule matches TCP packets with the ACK or RST flag bit set.
If the protocol argument is icmpv6 (58), set the parameters shown in Table 13.
Table 13 ICMPv6-specific parameters for IPv6 advanced ACL rules
Parameters Function Description
icmp6-type
{ icmp6-type
icmp6-code |
icmp6-message }
Specifies the ICMPv6
message type and
code.
The icmp6-type argument is in the range of 0 to 255.
The icmp6-code argument is in the range of 0 to 255.
The icmp6-message argument specifies a message
name. Supported ICMP message names and their
corresponding type and code values are listed in Table
14.
Table 14 ICMPv6 message names supported in IPv6 advanced ACL rules
ICMPv6 message name ICMPv6 message type ICMPv6 message code
echo-reply 129 0
echo-request 128 0
err-Header-field 4 0
frag-time-exceeded 3 1
hop-limit-exceeded 3 0
host-admin-prohib 1 1
host-unreachable 1 3
neighbor-advertisement 136 0
neighbor-solicitation 135 0
network-unreachable 1 0
packet-too-big 2 0
port-unreachable 1 4
redirect 137 0
router-advertisement 134 0
router-solicitation 133 0
unknown-ipv6-opt 4 2
unknown-next-hdr 4 1
Usage guidelines
If an IPv6 advanced ACL is used for outbound QoS traffic classification or packet filtering, do not
specify the flow-label parameter.
If an IPv6 advanced ACL is used for packet filtering, do not specify the fragment keyword.
Within an ACL, the permit or deny statement of each rule must be unique. If the rule you are creating
or editing has the same deny or permit statement as another rule in the ACL, the rule will not be
created or changed.
To Next Page
Loading...
