Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00

111

112

113

114

115

116

117

118

119

120

ServerIron ADX NAT64 Configuration Guide 103

53-1002444-02

Configuring IPv6 ACLs

DRAFT: BROCADE CONFIDENTIAL

Table 13 describes the syntax used to configure IPv6 ACLs.

TABLE 13 Syntax descriptions

Syntax Description

ipv6 access-list <acl-name> Enables the IPv6 configuration level and defines the name of the

IPv6 ACL. The <acl-name> can contain up to 199 characters and

numbers, but cannot begin with a number and cannot contain any

spaces or quotation marks.

permit The ACL will permit (forward) packets that match a policy in the ACL.

deny The ACL will deny (drop) packets that match a policy in the ACL.

icmp Indicates the you are filtering ICMP packets.

<protocol> The type of IPv6 packet you are filtering. You can specify a

well-known name for a protocol with a number less than 255. For

other protocols, you must enter the number. Enter “?” instead of a

protocol to list the well-known names recognized by the CLI. IPv6

protocols include:

AHP: Authentication Header

ESP: Encapsulating Security Payload

ICMP: Internet Protocol Message Protocol

IPv6: Internet Protocol version 6

SCTP: Stream Control Transmission Protocol

TCP: Transmission Control Protocol

UDP: User Datagram Protocol

<ipv6-source-prefix/prefix-length>The <ipv6-source-prefix/prefix-length> variable specifies a source

prefix and prefix length that a packet must match for the specified

action (deny or permit) to occur. You must specify the

<ipv6-source-prefix> variable in hexadecimal using 16-bit values

between colons as documented in RFC 2373. You must specify the

<prefix-length> variable as a decimal value. A slash mark (/) must

follow the <ipv6-source-prefix> variable and precede the

<prefix-length> variable.

<ipv6-destination-prefix/prefix-length>The <ipv6-destination-prefix/prefix-length> variable specifies a

destination prefix and prefix length that a packet must match for the

specified action (deny or permit) to occur. You must specify the

<ipv6-destination-prefix> variable in hexadecimal using 16-bit

values between colons as documented in RFC 2373. You must

specify the <prefix-length> variable as a decimal value. A slash

mark (/) must follow the <ipv6-destination-prefix> variable and

precede the <prefix-length> variable.

<source-ipv6-address>

<ipv6-destination-address>

any When specified instead of the <ipv6-source-prefix>/<prefix-length>

or <ipv6-destination-prefix>/<prefix-length> variables, matches any

IPv6 prefix and is equivalent to the IPv6 prefix::/0.

host Allows you specify a host IPv6 address. When you use this

parameter, you do not need to specify the prefix length. A prefix

length of all 128 is implied.

<icmp-message> ICMP packets are filtered by ICMP messages. See the "Configuring

IPv6 ICMP Features" section of the "Configuring IPv6 Connectivity"

chapter of the ServerIron ADX TrafficWorks Switching and Routing

Guide.