Reference Guide

IPv6 Access Control Lists (IPv6 ACLs)
Most ACL rules require one entry in the CAM. However, rules with TCP and UDP port operators (gt, lt, range) may require more than one entry. The range of ports is configured in the CAM based on bitmask boundaries; the space required depends on exactly what ports are included in the range.
For example, an ACL rule with TCP port range 4000 - 8000 uses 8 entries in the CAM:
Rule#  Data              Mask              From  To    #Covered
1      0000111110100000  1111111111100000  4000  4031  32
2      0000111111000000  1111111111000000  4032  4095  64
3      0001000000000000  1111100000000000  4096  6143  2048
4      0001100000000000  1111110000000000  6144  7167  1024
5      0001110000000000  1111111000000000  7168  7679  512
6      0001111000000000  1111111100000000  7680  7935  256
7      0001111100000000  1111111111000000  7936  7999  64
8      0001111101000000  1111111111111111  8000  8000  1
Total Ports: 4001
But an ACL rule with TCP port lt 1023 takes only one entry in the CAM:
Rule#  Data              Mask              From  To    #Covered
1      0000000000000000  1111110000000000  0     1023  1024
Total Ports: 1024
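The following added example (not part of the original guide, and not the switch's own code) splits a port range into bitmask-aligned data/mask entries so CAM usage can be estimated before an ACL is applied. It assumes the standard largest-aligned-block split, which reproduces both tables above; the function names are hypothetical.

```python
"""Expand a TCP/UDP port range into data/mask entries (added example)."""

PORT_BITS = 16  # TCP and UDP port numbers are 16-bit


def range_to_entries(lo, hi):
    """Split the inclusive range lo..hi into bitmask-aligned blocks.

    Assumption: the standard greedy split (largest aligned block first).
    Returns a list of (data, mask, first, last, covered) tuples.
    """
    if not (0 <= lo <= hi < 1 << PORT_BITS):
        raise ValueError("expected 0 <= lo <= hi <= 65535")
    entries = []
    while lo <= hi:
        # Largest power-of-two block that starts on its own boundary at lo ...
        size = lo & -lo if lo else 1 << PORT_BITS
        # ... shrunk until it no longer runs past the end of the range.
        while lo + size - 1 > hi:
            size >>= 1
        # Mask bits set to 1 must match; the low log2(size) bits are wildcards.
        mask = ((1 << PORT_BITS) - 1) & ~(size - 1)
        entries.append((lo, mask, lo, lo + size - 1, size))
        lo += size
    return entries


def format_table(lo, hi):
    """Render the entries in the same columns as the guide's tables."""
    rows = ["Rule#  Data              Mask              From  To    #Covered"]
    total = 0
    for n, (data, mask, first, last, covered) in enumerate(range_to_entries(lo, hi), 1):
        rows.append(f"{n:<6} {data:016b}  {mask:016b}  {first:<5} {last:<5} {covered}")
        total += covered
    rows.append(f"Total Ports: {total}")
    return "\n".join(rows)


if __name__ == "__main__":
    print(format_table(4000, 8000))  # the guide's "range 4000 - 8000" table
    print(format_table(0, 1023))     # the single block in the guide's second table
    # A range whose ends sit just off the bitmask boundaries costs many entries.
    print(len(range_to_entries(1, 65534)), "entries for range 1 - 65534")
```

Running it against a planned rule set before deployment shows which port ranges are worth realigning to bitmask boundaries to save CAM space.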
Related Commands
permit udp
c e s
Configure a filter to pass UDP packets meeting the filter criteria.
Syntax
permit udp {source address mask | any | host ipv6-address} [operator port [port]] {destination address | any | host ipv6-address} [operator port [port]] [count [byte]] | [log] [monitor]
To remove this filter, you have two choices:
Use the no seq sequence-number command syntax if you know the filter's sequence number, or
Use the no permit udp {source address mask | any | host ipv6-address} {destination address | any | host ipv6-address} command.
Parameters
permit            Assign a permit filter for IPv6 packets.
permit udp        Assign a permit filter for UDP packets.
source address    Enter the IPv6 address of the network or host from which the packets were sent in the x:x:x:x::x format followed by the prefix length in the /x format.
                  Range: /0 to /128
                  The :: notation specifies successive hexadecimal fields of zero.
mask              Enter a network mask in /prefix format (/x).