CLI Reference Guide-R02

ManualsBrandsEdgecore Networks ManualsEnterpriseL2+/Lite L3 10G Ethernet Aggregation Switch with 2 40G Uplinks

371

372

373

374

375

376

377

378

379

380

Table Of Contents

Chapter 10

| Access Control Lists

IPv6 ACLs

– 376 –

Example

This example configures one permit rule for the specific address 2009:DB9:2229::79

and another rule for the addresses with the network prefix 2009:DB9:2229:5::/64.

Console(config-std-ipv6-acl)#permit host 2009:DB9:2229::79

Console(config-std-ipv6-acl)#permit 2009:DB9:2229:5::/64

Console(config-std-ipv6-acl)#

Related Commands

access-list ipv6 (374)

Time Range (167)

permit, deny

(Extended IPv6 ACL)

This command adds a rule to an Extended IPv6 ACL. The rule sets a filter condition

for packets with specific source or destination IP addresses, or next header type.

Use the no form to remove a rule.

Syntax

{permit | deny} [next-header | icmp | tcp | udp]

{any | host source-ipv6-address | source-ipv6-address[/prefix-length]}

{any | destination-ipv6-address[/prefix-length]}

[next-header next-header [[source-port sport [bitmask]] | [destination-port

dport [port-bitmask]] | [time-range time-range-name] | [dscp dscp]]

[icmp-type icmp-type}

[time-range time-range-name]

[dscp dscp]

no {permit | deny} [next-header | icmp | tcp | udp]

{any | host source-ipv6-address |

source-ipv6-address[/prefix-length]}

{any | destination-ipv6-address[/prefix-length]}

[next-header next-header [[source-port sport [bitmask]] | [destination-port

dport [port-bitmask]] | [time-range time-range-name] | [dscp dscp]]

[icmp-type icmp-type}

[time-range time-range-name]

[dscp dscp]

next-header - The type of header immediately following the IPv6 header.

(Range: 0-255)

icmp – Specifies the next header as ICMP.

tcp – Specifies the next header as TCP.

udp – Specifies the next header as UDP.

any – Any IP address (an abbreviation for the IPv6 prefix ::/0).

host – Keyword followed by a specific source IP address.

source-ipv6-address - An IPv6 source address or network class. The address

must be formatted according to RFC 2373 “IPv6 Addressing Architecture,”

using 8 colon-separated 16-bit hexadecimal values. One double colon may