Administrator Guide

Access Control Lists 675
[sequence-number] {deny | permit} {ipv6-protocol | number | every}
    {source-ipv6-prefix/prefix-length | any | host source-ipv6-address}
    [range {portkey | startport} {portkey | endport} | {eq | neq | lt | gt} {portkey | 0-65535}]
    {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address}
    [range {portkey | startport} {portkey | endport} | {eq | neq | lt | gt} {portkey | 0-65535}]
    [flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack] [+urg | -urg] [established]]
    [flow-label value]
    [icmp-type icmp-type [icmp-code icmp-code] | icmp-message icmp-message]
    [routing] [fragments] [dscp dscp]
    [log] [assign-queue queue-id] [{mirror | redirect} unit/slot/port] [rate-limit rate burst-size]
• sequence-number — Identifies the order of application of the permit/deny statement. If no sequence number is assigned, permit/deny statements are assigned a sequence number beginning at 1000 and incrementing by 10. Statements are applied in hardware beginning with the lowest sequence number. Sequence numbers are applicable only within an access group; i.e., the ordering applies within the access-group scope. The range for sequence numbers is 1–2147483647.
• {deny | permit} — Specifies whether the IPv6 ACL rule permits or denies the matching traffic.
• {ipv6-protocol | number | every} — Specifies the protocol to match for the IPv6 ACL rule. IPv6 protocol keywords: icmpv6, ipv6, tcp and udp. A protocol number may be given in place of a keyword. every: Match any protocol (don't care).
• {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} — Specifies the source IPv6 address and prefix length to match for the IPv6 ACL rule. any matches every source address; it is equivalent to the prefix ::/0, with all address bits treated as don't-care. Specifying "host X::X" is equivalent to the prefix X::X/128, so all 128 address bits must match.
• [range {portkey | startport} {portkey | endport} | {eq | neq | lt | gt} {portkey | 0-65535}] — Specifies the layer-4 source port match condition for the TCP/UDP ACL rule. This is the port clause that follows the source prefix; the identical clause that follows the destination prefix matches the destination port in the same way. A port number, which ranges from 0-65535, can be entered, or a portkey, which can be one of the following keywords: bgp, domain, echo, ftp, ftp-data, http, ntp, pop2, pop3, rip, smtp, snmp, telnet, tftp, time, who, and www. Each of these keywords translates into its equivalent well-known port number.
When range is specified, the IPv6 ACL rule matches only if the layer-4 port number falls within the specified port range. The startport and endport parameters identify the first and last ports that are part of the port range. They have values from 0 to 65535. The ending port must have a value equal to or greater than the starting port. The starting port, ending port, and all ports in between will be part of the layer-4 port range.
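The matching semantics described above (lowest sequence number wins, auto-numbering from 1000 in steps of 10, any versus host prefixes, the eq/neq/lt/gt operators, the inclusive range whose end must not be below its start, and the portkey keywords) are modelled in the following Python example. It is an added illustration written for this guide, not the switch's own code; IANA protocol and port numbers for the keywords are assumed, unmatched traffic is assumed to hit an implicit deny, and the flag, flow-label, icmp, routing, fragments, dscp and action options of the command are not modelled.

```python
"""Model of IPv6 ACL rule ordering and match conditions (added example, not vendor code)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Port keywords from the guide, mapped to their IANA well-known port numbers (assumed).
PORTKEYS = {
    "bgp": 179, "domain": 53, "echo": 7, "ftp": 21, "ftp-data": 20, "http": 80,
    "ntp": 123, "pop2": 109, "pop3": 110, "rip": 520, "smtp": 25, "snmp": 161,
    "telnet": 23, "tftp": 69, "time": 37, "who": 513, "www": 80,
}
# Protocol keywords from the guide, mapped to IANA protocol numbers (assumed).
PROTOCOLS = {"icmpv6": 58, "ipv6": 41, "tcp": 6, "udp": 17}

PortCond = Tuple[str, int, int]  # (operator, value or range start, range end)


@dataclass(frozen=True)
class Rule:
    seq: int
    action: str                  # "permit" or "deny"
    proto: Optional[int]         # None means "every" (don't care)
    src: ipaddress.IPv6Network
    sport: Optional[PortCond]    # port clause after the source prefix
    dst: ipaddress.IPv6Network
    dport: Optional[PortCond]    # port clause after the destination prefix


@dataclass(frozen=True)
class Packet:
    proto: int
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


def _port(tok: str) -> int:
    value = PORTKEYS[tok] if tok in PORTKEYS else int(tok)
    if not 0 <= value <= 65535:
        raise ValueError(f"port out of range: {tok}")
    return value


def _parse_addr(toks: List[str], i: int) -> Tuple[ipaddress.IPv6Network, int]:
    if toks[i] == "any":                       # every address bit is don't-care
        return ipaddress.IPv6Network("::/0"), i + 1
    if toks[i] == "host":                      # all 128 bits must match
        return ipaddress.IPv6Network(toks[i + 1] + "/128"), i + 2
    return ipaddress.IPv6Network(toks[i], strict=False), i + 1


def _parse_port(toks: List[str], i: int) -> Tuple[Optional[PortCond], int]:
    if i >= len(toks):
        return None, i
    if toks[i] in ("eq", "neq", "lt", "gt"):
        return (toks[i], _port(toks[i + 1]), 0), i + 2
    if toks[i] == "range":
        lo, hi = _port(toks[i + 1]), _port(toks[i + 2])
        if hi < lo:                            # guide: end must be >= start
            raise ValueError("range end port must be >= start port")
        return ("range", lo, hi), i + 3
    return None, i                             # no port clause present


def _port_match(cond: Optional[PortCond], port: int) -> bool:
    if cond is None:
        return True
    op, a, b = cond
    return {"eq": port == a, "neq": port != a, "lt": port < a,
            "gt": port > a, "range": a <= port <= b}[op]


class IPv6ACL:
    def __init__(self) -> None:
        self.rules: List[Rule] = []

    def add(self, text: str) -> Rule:
        """Parse one rule in the guide's syntax (address and port clauses only)."""
        toks = text.split()
        i, seq = 0, None
        if toks[0].isdigit():
            seq, i = int(toks[0]), 1
        if seq is None:                        # auto-number: start at 1000, step 10
            seq = 1000 if not self.rules else max(r.seq for r in self.rules) + 10
        if not 1 <= seq <= 2147483647 or any(r.seq == seq for r in self.rules):
            raise ValueError(f"bad or duplicate sequence number: {seq}")
        action, ptok = toks[i], toks[i + 1]
        proto = None if ptok == "every" else PROTOCOLS.get(ptok, None)
        if proto is None and ptok != "every":
            proto = int(ptok)
        src, i = _parse_addr(toks, i + 2)
        sport, i = _parse_port(toks, i)
        dst, i = _parse_addr(toks, i)
        dport, i = _parse_port(toks, i)
        if i != len(toks):
            raise ValueError(f"unmodelled options: {' '.join(toks[i:])}")
        rule = Rule(seq, action, proto, src, sport, dst, dport)
        self.rules.append(rule)
        self.rules.sort(key=lambda r: r.seq)   # applied lowest sequence number first
        return rule

    def evaluate(self, pkt: Packet) -> Tuple[str, Optional[int]]:
        s, d = ipaddress.IPv6Address(pkt.src), ipaddress.IPv6Address(pkt.dst)
        for r in self.rules:
            if r.proto is not None and r.proto != pkt.proto:
                continue
            if s not in r.src or d not in r.dst:
                continue
            if _port_match(r.sport, pkt.sport) and _port_match(r.dport, pkt.dport):
                return r.action, r.seq
        return "deny", None                    # assumed implicit deny at end of list


def build_sample_acl() -> IPv6ACL:
    """Constructed sample list: three auto-numbered rules plus one explicit low number."""
    acl = IPv6ACL()
    acl.add("permit tcp 2001:db8:1::/64 host 2001:db8::10 eq 22")   # seq 1000
    acl.add("permit udp any any eq domain")                          # seq 1010
    acl.add("deny tcp any any range 0 1023")                         # seq 1020
    acl.add("5 deny tcp host 2001:db8:1::bad any")                   # evaluated first
    return acl
```

Because the explicit rule 5 sorts ahead of the auto-numbered ones, a host blocked there never reaches the later permit, which is the behaviour a reviewer should check when an ACL mixes explicit and automatic sequence numbers.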