User Manual
IPv6 Access Control Lists (ACLs)
Configuration Commands
[ icmp-type-name ]
These name options are an alternative to the [ icmp-type [ icmp-code ] ]
methodology described above. For more information, visit the IANA
website cited above.
cert-path-advertise       mobile-advertise
cert-path-solicit         mobile-solicit
destination-unreachable   nd-na
echo-reply                nd-ns
echo-request              node-info
home-agent-reply          node-query
home-agent-request        packet-too-big
inv-nd-na                 parameter-problem
inv-nd-ns                 redirect
mcast-router-advertise    router-advertisement
mcast-router-solicit      router-renum
mcast-router-terminate    router-solicitation
mld-done                  time-exceeded
mld-query                 ver2-mld-report
mld-report
Example of an IPv6 ACL Configuration. Suppose that you wanted to
implement the following IPv6 traffic policy on a switch connecting two
workgroups on the same VLAN to dedicated servers and to a campus intranet
(figure 8-11 on page 8-57):
■ Permit full IPv6 access for the management station.
■ For traffic from the workgroup at 2001:db8::1:20:0/121:
• Deny Telnet access to server “1” (2001:db8::1:10:3).
• Deny the workgroup any IPv6 access to server “2” (2001:db8::1:10:4).
■ For traffic from the workgroup at 2001:db8::1:30:0/121:
• Deny Telnet access to server “2” (2001:db8::1:10:4).
• Deny the workgroup any IPv6 access to server “1” (2001:db8::1:10:3).
■ Deny inbound ICMP multicast-router-solicitations from all switches
on the VLAN.
■ Permit all other IPv6 traffic. (Supersedes the implicit deny ipv6 any any
at the end of the ACL, which would deny any IPv6 traffic not filtered
by the configured ACEs in the ACL.)
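
The policy above, modelled as an ordered first-match rule list. This is an added Python illustration, not switch CLI and not part of the manual. The management-station address, the test packets, and the ACE order (which follows the bullet order) are assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

class Ace(NamedTuple):
    action: str                      # "permit" or "deny"
    proto: str                       # "ipv6" matches every protocol
    src: ipaddress.IPv6Network
    dst: ipaddress.IPv6Network
    dport: Optional[int] = None      # TCP/UDP destination port, if given
    icmp_name: Optional[str] = None  # icmp-type-name, if given

net = ipaddress.ip_network
ANY = net("::/0")
MGMT = net("2001:db8::1:10:a/128")   # constructed placeholder address
WG20 = net("2001:db8::1:20:0/121")   # covers ...:20:0 through ...:20:7f
WG30 = net("2001:db8::1:30:0/121")
SRV1 = net("2001:db8::1:10:3/128")
SRV2 = net("2001:db8::1:10:4/128")

# One ACE per policy bullet, in bullet order (the ordering is an assumption).
ACL = [
    Ace("permit", "ipv6", MGMT, ANY),
    Ace("deny", "tcp", WG20, SRV1, dport=23),    # Telnet
    Ace("deny", "ipv6", WG20, SRV2),
    Ace("deny", "tcp", WG30, SRV2, dport=23),    # Telnet
    Ace("deny", "ipv6", WG30, SRV1),
    Ace("deny", "icmp", ANY, ANY, icmp_name="mcast-router-solicit"),
    Ace("permit", "ipv6", ANY, ANY),             # supersedes the implicit deny
]

def evaluate(acl, proto, src, dst, dport=None, icmp_name=None):
    """Return (action, ace_number); ace_number 0 means the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, ace in enumerate(acl, 1):
        if ace.proto not in ("ipv6", proto):
            continue
        if s not in ace.src or d not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        if ace.icmp_name is not None and ace.icmp_name != icmp_name:
            continue
        return ace.action, number    # first match wins; later ACEs are ignored
    return "deny", 0                 # implicit "deny ipv6 any any"

if __name__ == "__main__":
    # Constructed packets: Telnet from inside and just outside the /121.
    print(evaluate(ACL, "tcp", "2001:db8::1:20:7f", "2001:db8::1:10:3", 23))
    print(evaluate(ACL, "tcp", "2001:db8::1:20:80", "2001:db8::1:10:3", 23))
```

The second packet is permitted because 2001:db8::1:20:80 falls outside the /121, a boundary worth checking before relying on the deny entries.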