Quick Reference Guide
500 IPv6 Access List Commands
– When “gt” is specified, the IPv6 ACL rule matches if the layer 4
destination port number is greater than the specified port number or
portkey. It is equivalent to specifying the range as <specified port
number + 1> to 65535.
– When “neq” is specified, the IPv6 ACL rule matches only if the layer 4
destination port number is not equal to the specified port number or
portkey.
– IPv6 TCP port names:
bgp, domain, echo, ftp, ftp-data, http, smtp,
telnet, www, pop2, pop3
– IPv6 UDP port names:
domain, echo, ntp, rip, snmp, time, who
• destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address
—Specifies a destination IP address and netmask for match
condition of the IP ACL rule.
– For IPv6 ACLs, “any” implies 0::/128 prefix and a mask of all ones.
– Specifying host implies prefix length as “/128” and a mask of 0::/128.
• [precedence precedence | tos tos [tosmask] | dscp dscp]—Specifies the
TOS for an IP/TCP/UDP ACL rule depending on a match of precedence
or DSCP values using the parameters dscp, precedence, or tos tosmask.
• flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack]
[+urg | -urg] [established]—Specifies that the IP/TCP/UDP ACL rule
matches on the TCP flags.
– When “+<tcpflagname>” is specified, a match occurs if the specified
<tcpflagname> flag is set in the TCP header.
– When “-<tcpflagname>” is specified, a match occurs if the specified
<tcpflagname> flag is *NOT* set in the TCP header.
– When “established” is specified, a match occurs if either the
RST or ACK bit is set in the TCP header.
– This option is visible only if the protocol is tcp.
– Ack – Acknowledgement bit
– Fin – Finished bit
– Psh – Push bit
– Rst – Reset bit
– Syn – Synchronize bit
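
The match semantics described above for “gt”, “neq”, “+<tcpflagname>”, “-<tcpflagname>” and “established”, modelled as an added example (not code from this guide or from the switch software). The function names and sample segments are constructed for illustration, and treating several flag tokens in one rule as all having to hold is an assumption.

```python
# Added example: models the ACL match conditions described on this page.
# Standard TCP header flag bit values.
TCP_FLAGS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
             "psh": 0x08, "ack": 0x10, "urg": 0x20}

def port_matches(op, rule_port, dst_port):
    """Evaluate the 'gt' and 'neq' layer 4 destination-port operators."""
    if op == "gt":
        # Equivalent to the range <rule_port + 1> to 65535.
        return rule_port + 1 <= dst_port <= 65535
    if op == "neq":
        return dst_port != rule_port
    raise ValueError(f"operator not modelled here: {op}")

def flags_match(spec, tcp_flags):
    """spec: tokens such as ['+syn', '-ack'] or ['established'].
    tcp_flags: the flags byte taken from the TCP header.
    Assumption: every token in spec must hold for the rule to match."""
    for token in spec:
        if token == "established":
            # Matches when either the RST or the ACK bit is set.
            if not tcp_flags & (TCP_FLAGS["rst"] | TCP_FLAGS["ack"]):
                return False
            continue
        sign, name = token[:1], token[1:]
        if sign not in ("+", "-") or name not in TCP_FLAGS:
            raise ValueError(f"bad flag token: {token!r}")
        is_set = bool(tcp_flags & TCP_FLAGS[name])
        if is_set != (sign == "+"):   # '+' needs the bit set, '-' needs it clear
            return False
    return True

# Constructed sample segments: label -> TCP flags byte.
SAMPLES = {"SYN": 0x02, "SYN+ACK": 0x12, "ACK": 0x10,
           "RST": 0x04, "FIN+ACK": 0x11}

def matching_samples(spec):
    """Return the labels of the constructed segments that match spec."""
    return [label for label, bits in SAMPLES.items() if flags_match(spec, bits)]

if __name__ == "__main__":
    print("established :", matching_samples(["established"]))
    print("+syn -ack   :", matching_samples(["+syn", "-ack"]))
    print("gt 1023, dst 1024:", port_matches("gt", 1023, 1024))
    print("neq 23, dst 23   :", port_matches("neq", 23, 23))
```

The initial SYN of a connection has neither RST nor ACK set, so it is the one sample that “established” does not match, while “+syn -ack” matches only that segment.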
2CSNXXX_SWUM200.book Page 500 Tuesday, December 10, 2013 1:22 PM










