Command Reference ACL Commands
Address Resolution Protocol (ARP)
[sn] deny arp {vid vlan-id} [source-mac-address source-wildcard | host source-mac-address | any]
[host destination-mac-address | any] {sender-ip sender-ip-wildcard | host sender-ip | any}
{sender-mac sender-mac-wildcard | host sender-mac | any} {target-ip target-ip-wildcard | host
target-ip | any}
5. Extended IPv6 ACL
[sn] deny protocol {source-ipv6-prefix/prefix-length | any | host source-ipv6-address}
{destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address} [dscp dscp] [flow-label
flow-label] [fragment] [range lower upper] [time-range time-range-name]
Extended IPv6 ACLs of some important protocols:
Internet Control Message Protocol (ICMP)
[sn] deny icmp {source-ipv6-prefix/prefix-length | any | host source-ipv6-address}
{destination-ipv6-prefix/prefix-length | host destination-ipv6-address | any} [icmp-type] [[icmp-type
[icmp-code]] | [icmp-message]] [dscp dscp] [flow-label flow-label] [fragment] [time-range
time-range-name]
Transmission Control Protocol (TCP)
[sn] deny tcp {source-ipv6-prefix/prefix-length | host source-ipv6-address | any} [operator port [port]]
{destination-ipv6-prefix/prefix-length | host destination-ipv6-address | any} [operator port [port]]
[dscp dscp] [flow-label flow-label] [fragment] [range lower upper] [time-range time-range-name]
[match-all tcp-flag | established]
User Datagram Protocol (UDP)
[sn] deny udp {source-ipv6-prefix/prefix-length | host source-ipv6-address | any} [operator port
[port]] {destination-ipv6-prefix/prefix-length | host destination-ipv6-address | any} [operator port
[port]] [dscp dscp] [flow-label flow-label] [fragment] [range lower upper] [time-range
time-range-name]
Parameter Description

Parameter                  Description
sn                         ACL entry sequence number
source-ipv6-prefix         Source IPv6 network address or network type
destination-ipv6-prefix    Destination IPv6 network address or network type
prefix-length              Prefix mask length
source-ipv6-address        Source IPv6 address
destination-ipv6-address   Destination IPv6 address
dscp                       Differentiated Services Code Point
dscp                       Code value, within the range of 0 to 63
flow-label                 Flow label
flow-label                 Flow label value, within the range of 0 to 1048575
protocol                   For IPv6, this field can be ipv6, icmp, tcp, udp, or a number in the
                           range 0 to 255
time-range                 Time range of the packet filtering
time-range-name            Time range name of the packet filtering
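
The following is an added example, not part of the original command reference or the vendor's tooling: a Python pre-deployment check that parses a general extended IPv6 deny entry and applies the value ranges from the parameter table above. The function names are hypothetical, and port operators, ICMP type/code and TCP flag options are outside its scope and are reported as unhandled tokens.

```python
import ipaddress
NAMED_PROTOCOLS = {"ipv6", "icmp", "tcp", "udp"}
LIMITS = {"dscp": 63, "flow-label": 1048575}  # upper bounds from the parameter table

def _take_addr(tok, i, errors, side):
    """Consume {prefix/prefix-length | any | host address}; return the next index."""
    if i >= len(tok):
        errors.append(f"missing {side} address")
        return i
    step = 2 if tok[i] == "host" else 1
    try:
        if tok[i] == "host":
            ipaddress.IPv6Address(tok[i + 1])
        elif tok[i] != "any":
            if "/" not in tok[i]:
                raise ValueError("prefix-length required")
            ipaddress.IPv6Network(tok[i], strict=False)
    except (IndexError, ValueError):
        errors.append(f"bad {side} address near '{tok[i]}'")
    return i + step

def check_deny_entry(line):
    """Return the problems found in one deny entry; an empty list means none."""
    tok, errors = line.split(), []
    i = 1 if tok and tok[0].isdecimal() else 0  # optional sn
    if tok[i:i + 1] != ["deny"]:
        return ["entry must read: [sn] deny protocol ..."]
    proto = tok[i + 1] if i + 1 < len(tok) else ""
    if proto not in NAMED_PROTOCOLS and not (proto.isdecimal() and int(proto) <= 255):
        errors.append(f"protocol '{proto}' is not ipv6|icmp|tcp|udp or 0-255")
    i = _take_addr(tok, i + 2, errors, "source")
    i = _take_addr(tok, i, errors, "destination")
    while i < len(tok):
        kw, val = tok[i], tok[i + 1] if i + 1 < len(tok) else ""
        if kw in LIMITS:
            if not (val.isdecimal() and int(val) <= LIMITS[kw]):
                errors.append(f"{kw} '{val}' is outside 0-{LIMITS[kw]}")
            i += 2
        elif kw == "time-range":
            if not val:
                errors.append("time-range needs a time-range-name")
            i += 2
        elif kw in ("fragment", "range"):
            # lower/upper of "range" are not defined on the page; consumed unchecked
            i += 1 if kw == "fragment" else 3
        else:
            errors.append(f"token '{kw}' not handled by this check")
            i += 1
    return errors
```

For the constructed entry "20 deny udp host 2001:db8::5 any flow-label 2000000", check_deny_entry returns one problem, the out-of-range flow label.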
Defaults
No entry