CLI Reference Guide-R05

ManualsBrandsEdgecore Networks ManualsEnterpriseL2 Gigabit Ethernet Carrier Grade Switch

351

352

353

354

355

356

357

358

359

360

Table Of Contents

Chapter 10

| Access Control Lists

IPv6 ACLs

– 353 –

permit, deny

(Extended IPv6 ACL)

This command adds a rule to an Extended IPv6 ACL. The rule sets a filter condition

for packets with specific source or destination IP addresses, or next header type.

Use the no form to remove a rule.

Syntax

[no] {permit | deny} next-header

{any | host source-ipv6-address | source-ipv6-address[/prefix-length]}

{any | destination-ipv6-address[/prefix-length]}

[dscp dscp]

{permit | deny} udp

{any | host source-ipv6-address | source-ipv6-address[/prefix-length]}

{any | destination-ipv6-address[/prefix-length]}

[dscp dscp] [next-header next-header]

[source-port sport [bitmask]]

[destination-port dport [port-bitmask]]

[time-range time-range-name]

no {permit | deny} udp

{

any | host source-ipv6-address | source-ipv6-address[/prefix-length]}

{any | destination-ipv6-address[/prefix-length]}

[dscp dscp]

[next-header next-header]

[source-port sport [bitmask]]

[destination-port dport [port-bitmask]]

{permit | deny} tcp

{any | host source-ipv6-address | source-ipv6-address[/prefix-length]}

{any | destination-ipv6-address[/prefix-length]}

[dscp dscp]

[source-port sport [bitmask]]

[destination-port dport [port-bitmask]]

[time-range time-range-name]

no {permit | deny} tcp

{any | host source-ipv6-address | source-ipv6-address[/prefix-length]}

{any | destination-ipv6-address[/prefix-length]}

[dscp dscp]

[source-port sport

[bitmask]]

[destination-port dport [port-bitmask]]

any – Any IP address (an abbreviation for the IPv6 prefix ::/0).

host – Keyword followed by a specific source IP address.

source-ipv6-address - An IPv6 source address or network class. The address

must be formatted according to RFC 2373 “IPv6 Addressing Architecture,”

using 8 colon-separated 16-bit hexadecimal values. One double colon may

be used in the address to indicate the appropriate number of zeros

required to fill the undefined fields.