Chapter 9
| Access Control Lists
IPv6 ACLs
– 279 –
Command Usage
New rules are appended to the end of the list.
Example
This example configures one permit rule for the specific address 2009:DB9:2229::79
and another rule for the addresses with the network prefix 2009:DB9:2229:5::/64.
Console(config-std-ipv6-acl)#permit host 2009:DB9:2229::79
Console(config-std-ipv6-acl)#permit 2009:DB9:2229:5::/64
Console(config-std-ipv6-acl)#
Related Commands
access-list ipv6 (277)
Time Range (128)
permit, deny,
redirect-to
(Extended IPv6 ACL)
This command adds a rule to an Extended IPv6 ACL. The rule sets a filter condition
for packets with specific source or destination IP addresses, or next header type.
Use the no form to remove a rule.
Syntax
{permit | deny | redirect-to interface}
{any | host source-ipv6-address |
source-ipv6-address[/prefix-length]}
{any | destination-ipv6-address/prefix-length}
[dscp dscp] [next-header next-header]
[time-range time-range-name]
no {permit | deny} {any | host source-ipv6-address |
source-ipv6-address[/prefix-length]}
{any | destination-ipv6-address/prefix-length}
[dscp dscp] [next-header next-header]
interface
ethernet unit/port
unit - Unit identifier. (Range: 1)
port - Port number. (Range: 1-28/52)
any – Any IP address (an abbreviation for the IPv6 prefix ::/0).
host – Keyword followed by a specific source IP address.
source-ipv6-address - An IPv6 source address or network class. The address
must be formatted according to RFC 2373 “IPv6 Addressing Architecture,”
using 8 colon-separated 16-bit hexadecimal values. One double colon may
be used in the address to indicate the appropriate number of zeros
required to fill the undefined fields.
destination-ipv6-address - An IPv6 destination address or network class. The
address must be formatted according to RFC 2373 “IPv6 Addressing
To Next Page
Loading...
