NETGEAR 8800 User Manual
Chapter 13. ACLs
IPv6 Traffic with L4 Match Conditions
If you apply an ACL policy that is intended to match IPv6 packets, and the ACL specifies
L4 conditions, the traffic will not be matched. For example, the following ACL:
entry destIp {
    if {
        protocol tcp;
        destination-port 120 - 150;
    }
    then {
        permit;
        count destIp;
    }
}
will not match any IPv6 packets. For IPv6 packets to match, you must add a match condition
that includes all IPv6 L3 addresses. For example, you would change the ACL entry to:
entry destIp {
    if {
        source-address 0::0/0;
        protocol tcp;
        destination-port 120 - 150;
    }
    then {
        permit;
        count destIp;
    }
}
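A policy-file check for the pitfall above, added here as an example (it is not code from the manual or from NETGEAR): it parses entries written in the syntax shown and lists those that have L4 conditions but no L3 address condition. The keywords source-port and destination-address, the entry name destIpV6, and the function names are assumptions.

```python
import re

# "protocol", "destination-port" and "source-address" come from the manual's
# example; "source-port" and "destination-address" are assumed keywords.
L4_KEYS = {"protocol", "destination-port", "source-port"}
L3_ADDR_KEYS = {"source-address", "destination-address"}

# One entry: entry <name> { if { <conditions> } then { <actions> } }
ENTRY_RE = re.compile(
    r"entry\s+(\S+)\s*\{\s*if\s*\{(.*?)\}\s*then\s*\{(.*?)\}\s*\}", re.S)

# Constructed sample: the manual's two entries, the second renamed so both
# can sit in one policy file.
SAMPLE_POLICY = """
entry destIp {
    if { protocol tcp; destination-port 120 - 150; }
    then { permit; count destIp; }
}
entry destIpV6 {
    if { source-address 0::0/0; protocol tcp; destination-port 120 - 150; }
    then { permit; count destIpV6; }
}
"""


def parse_entries(policy_text):
    """Yield (entry_name, {keyword: value}) for each entry's 'if' block."""
    for name, if_body, _actions in ENTRY_RE.findall(policy_text):
        conds = {}
        for stmt in if_body.split(";"):
            parts = stmt.split(None, 1)
            if parts:  # skip the empty chunk after the last ';'
                conds[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
        yield name, conds


def entries_missing_l3(policy_text):
    """Names of entries with L4 conditions but no L3 address condition,
    which is the case the manual says never matches IPv6 packets."""
    return [name for name, conds in parse_entries(policy_text)
            if conds.keys() & L4_KEYS and not conds.keys() & L3_ADDR_KEYS]


if __name__ == "__main__":
    for name in entries_missing_l3(SAMPLE_POLICY):
        print(f"{name}: L4 conditions without an L3 address, no IPv6 match")
```

An entry that carries an IPv4 address condition is not flagged, since it is explicitly scoped to IPv4.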
Fragmented packet handling
One keyword is used to support fragmentation in ACLs: first-fragments, which matches packets
with FO == 0 (FO is the fragment offset field in the IP header).
Table 32. ACL Match Condition Data Types

Condition Data Type    Description
range                  A range of numeric values. To specify the numeric range, use the notation: number - number
bit-field              Used to match specific bits in an IP packet, such as TCP flags and the fragment flag.
mac-address            6-byte hardware address.










