678 IPv6 Access Control List Commands
An implicit deny all IPv6 rule always terminates the access list.
The
time-range
parameter allows imposing time limitation on the IPv6 ACL
rule as defined by the parameter
time-range-name. If a time range with the
specified name does not exist and the IPv6 ACL containing this ACL rule is
applied to an interface or bound to a VLAN, then the ACL rule is applied
immediately. If a time range with specified name exists and the IPv6 ACL
containing this ACL rule is applied to an interface or bound to a VLAN, then the
ACL rule is applied when the time-range with specified name becomes active.
The ACL rule is removed when the time-range with specified name becomes
inactive. For information about configuring time ranges, see “Time Range
Commands for Time-Based ACLs” on page 687.
The assign-queue parameter allows specification of a particular hardware queue
for handling traffic that matches this rule. The allowed
queue-id value is 0-(n-
1), where
n is the number of user configurable queues available for the hardware
platform. The
assign-queue parameter is valid only for a permit rule.
The
mirror parameter allows the traffic matching this rule to be copied to the
specified slot/port, while the redirect parameter allows the traffic matching this
rule to be forwarded to the specified slot/port. The
assign-queue and
redirect parameters are only valid for a permit rule.
The permit command’s optional attribute rate-limit allows you to permit only
the allowed rate of traffic as per the configured rate in kbps, and burst-size in
kbytes.
IPv6 ACLs have the following limitations:
◆ Port ranges are not supported for egress IPv6 ACLs.
◆ The rate-limit command is not supported for egress IPv6 ACLs.
Parameter Description
{deny | permit}
Specifies whether the IPv6 ACL rule permits or
denies the matching traffic.
Every
Specifies to match every packet.
{
protocolkey
|
number
}
Specifies the protocol to match for the IPv6 ACL
rule. The current list is:
icmpv6, ipv6, tcp, and
udp.
To Next Page
Loading...
