Configuration Guide User guide

ManualsBrandsBrocade ManualsComputer AccessoriesFastIron

1821

FastIron Configuration Guide 1763

53-1002494-02

Creating an IPv6 ACL

TABLE 287 Syntax descriptions

IPv6 ACL arguments Description

ipv6 access-list <ACL name> Enables the IPv6 configuration level and defines the name of the IPv6 ACL.

The <ACL name> can contain up to 199 characters and numbers, but

cannot begin with a number and cannot contain any spaces or quotation

marks.

permit The ACL will permit (forward) packets that match a policy in the access list.

deny The ACL will deny (drop) packets that match a policy in the access list.

icmp Indicates the you are filtering ICMP packets.

protocol The type of IPv6 packet you are filtering. You can specify a well-known name

for some protocols whose number is less than 255. For other protocols, you

must enter the number. Enter “?” instead of a protocol to list the well-known

names recognized by the CLI. IPv6 protocols include

AHP – Authentication Header

ESP – Encapsulating Security Payload

IPv6 – Internet Protocol version 6

SCTP – Stream Control Transmission Protocol

<ipv6-source-prefix>/<prefix-length

The <ipv6-source-prefix>/<prefix-length> parameter specify a source prefix

and prefix length that a packet must match for the specified action (deny or

permit) to occur. You must specify the <ipv6-source-prefix> parameter in

hexadecimal using 16-bit values between colons as documented in RFC

2373. You must specify the <prefix-length> parameter as a decimal value. A

slash mark (/) must follow the <ipv6-prefix> parameter and precede the

<prefix-length> parameter.

<ipv6-destination-prefix>/<prefix-le

ngth>

The <ipv6-destination-prefix>/<prefix-length> parameter specify a

destination prefix and prefix length that a packet must match for the

specified action (deny or permit) to occur. You must specify the

<ipv6-destination-prefix> parameter in hexadecimal using 16-bit values

between colons as documented in RFC 2373. You must specify the

<prefix-length> parameter as a decimal value. A slash mark (/) must follow

the <ipv6-prefix> parameter and precede the <prefix-length> parameter

any When specified instead of the <ipv6-source-prefix>/<prefix-length> or

<ipv6-destination-prefix>/<prefix-length> parameters, matches any IPv6

prefix and is equivalent to the IPv6 prefix::/0.

host Allows you specify a host IPv6 address. When you use this parameter, you do

not need to specify the prefix length. A prefix length of all128 is implied.

icmp-type ICMP packets can be filtered by ICMP message type. The type is a number

from 0 to 255.

icmp code ICMP packets, which are filtered by ICMP message type can also be filtered

by the ICMP message code. The code is a number from 0 to 255,

icmp-message ICMP packets are filtered by ICMP messages. Refer to “ICMP message

configurations” on page 1766 for a list of ICMP message types.

tcp Indicates the you are filtering TCP packets.

udp Indicates the you are filtering UDP packets.