Reference Guide
701
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\CLI Folders\Dell Contax
CLI\files\ACL.fm
DELL CONFIDENTIAL – PRELIMINARY 2013 - FOR PROOF ONLY
•
match-all
list-of-flag
—List of TCP flags that should occur. If a flag should
be set it is prefixed by “+”.If a flag should be unset it is prefixed by “-”.
Available options are +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh,
-rst, -syn and -fin. The flags are concatenated to a one string. For example:
+fin-ack.
• time-range-name
—Name of the time range that applies to this permit
statement. (Range: 1–32)
Default
No IPv6 access list is defined.
Command Mode
Ipv6 Access-list Configuration mode
User Guidelines
The number of TCP/UDP ranges that can be defined in ACLs is limited. You
can define up to #ASIC-specific ranges for TCP and up to #ASIC-specific
ranges for UDP. If a range of ports is used for a source port in ACE it would be
not be counted again if it is also used for a source port in another ACE. If a
range of ports is used for destination port in ACE it would be not be counted
again if it is also used for destination port in another ACE.
If a range of ports is used for source port it would be counted again if it is also
used for destination port.
Example
console(config)# ipv6 access-list server
console(config-ipv6-al)#
permit
tcp 3001::2/64 any any 80
deny ( IPv6 )
Use the deny command in IPv6 access list configuration mode to set permit
conditions for IPv6 access list.