Configuration Guide User guide

ManualsBrandsBrocade ManualsComputer AccessoriesFastIron

1821

1764 FastIron Configuration Guide

53-1002494-02

Creating an IPv6 ACL

<ipv6-source-prefix>/<prefix-length

The <ipv6-source-prefix>/<prefix-length> parameter specify a source prefix

and prefix length that a packet must match for the specified action (deny or

permit) to occur. You must specify the <ipv6-source-prefix> parameter in

hexadecimal using 16-bit values between colons as documented in RFC

2373. You must specify the <prefix-length> parameter as a decimal value. A

slash mark (/) must follow the <ipv6-prefix> parameter and precede the

<prefix-length> parameter.

<ipv6-destination-prefix>/<prefix-le

ngth>

The <ipv6-destination-prefix>/<prefix-length> parameter specify a

destination prefix and prefix length that a packet must match for the

specified action (deny or permit) to occur. You must specify the

<ipv6-destination-prefix> parameter in hexadecimal using 16-bit values

between colons as documented in RFC 2373. You must specify the

<prefix-length> parameter as a decimal value. A slash mark (/) must follow

the <ipv6-prefix> parameter and precede the <prefix-length> parameter

any When specified instead of the <ipv6-source-prefix>/<prefix-length> or

<ipv6-destination-prefix>/<prefix-length> parameters, matches any IPv6

prefix and is equivalent to the IPv6 prefix::/0.

host Allows you specify a host IPv6 address. When you use this parameter, you do

not need to specify the prefix length. A prefix length of all128 is implied.

tcp-udp-operator The <tcp-udp-operator> parameter can be one of the following:

• eq – The policy applies to the TCP or UDP port name or number you

enter after eq.

• gt – The policy applies to TCP or UDP port numbers greater than the

port number or the numeric equivalent of the port name you enter after

gt. Enter "?" to list the port names.

• lt – The policy applies to TCP or UDP port numbers that are less than

the port number or the numeric equivalent of the port name you enter

after lt.

• neq – The policy applies to all TCP or UDP port numbers except the port

number or port name you enter after neq.

• range – The policy applies to all TCP port numbers that are between

the first TCP or UDP port name or number and the second one you

enter following the range parameter. The range includes the port

names or numbers you enter. For example, to apply the policy to all

ports between and including 23 (Telnet) and 53 (DNS), enter the

following range 23 53. The first port number in the range must be

lower than the last number in the range.

The <source-port number> and <destination-port-number> for the

tcp-udp-operator is the number of the port.

TABLE 287 Syntax descriptions (Continued)

IPv6 ACL arguments Description