User's Manual

ManualsBrandsPLANET Technology ManualsLAN SwitchesLayer 3 48-Port 10G SFP+ + 2-Port 40G QSFP+ + 4-Port 100G QSFP28 Managed Switch

571

572

573

574

575

576

577

578

579

580

576

Chapter 83 IPv6 ACL Configuration

83.1 IPv6 ACL Configuration

83.1.1 Filtering IPv6 Packets

Filtering IPv6 packets helps the control packet run in the network. Such control can limit network transmission

and network running by a certain user or device. For enabling or disabling packets from the cross designated

port, we provide with ACL. You can use IPv6 ACL as follows:

(12) Limit of packet transmission on the port

(13) Limit of virtual terminal line access

(14) Limit of the route update

This chapter summarizes how to set up IPv6 ACL and how to apply them.

IPv6 ACL is a well-organized set which applies enable/disable of IPv6 address. ROS of the switch will test

addresses in ACL accordingly. The first match determines whether the software accept or refuse the address.

Because after the first match, the software will stop the match rule, the sequence of the condition is important.

If there is no rule to match, the address will be refused.

Steps for using ACL:

 Set up ACL by designating ACL name and ACL conditions.

 Apply ACL to the port.

83.1.2 Setting up IPv6 ACL

Use a character string to set up IPv6 ACL.

Note:

The standard ACL and the expanded ACL cannot be the same.

In order to set up IPv6 ACL, run the following command in the global configuration mode.

Command Purpose

IPv6 access-list

name

Use the name to define an IPv6 ACL.

{deny | permit} protocol {source-ipv6-

prefix/prefix-length | any | host

source-ipv6-address} [operator [port-

number]] {destination-ipv6-

prefix/prefix-length | any | host

destination-ipv6-address} [dscp

value] [flow-label value] [fragments]

[log] [log-input] [routing] [sequence

value] [time-range name]

In the configuration mode of IPv6 ACL,

designate one or multiple enable/disable

conditions. This determines whether to pass

the packet or not. (dscp is used for matching

IPv6 grouping header Traffic Class domain,

flow-label is used for matching Flow Label tag

domain of IPv6 grouping header, fragments is

used for matching fragment grouping when

the grouping expansion header includes

none-0 offset; log means whether to record

log, routing is used for the source grouping of

the route expansion header of IPv6 grouping

header, time-range is used for limit the time

range of ACL.)

Exit

Exit from the configuration mode of ACL.

After setting up ACL, any additional parts will be affiliated to the end of the ACL if no sequence is added to the