CLI Guide

Layer 2 Switching Commands
deny | permit (IPv6 ACL)
This command creates a new rule for the current IPv6 access list. Each rule is
appended to the list of configured rules for the list.
Syntax
[sequence-number] {deny | permit} {ipv6-protocol | number | every}
{source-ipv6-prefix/prefix-length | any | host source-ipv6-address}
[{range {portkey | startport} {portkey | endport} | {eq | neq | lt | gt} {portkey | 0-65535}}]
{destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address}
[{range {portkey | startport} {portkey | endport} | {eq | neq | lt | gt} {portkey | 0-65535}}]
[flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack] [+urg | -urg] [established]]
[flow-label value] [icmp-type icmp-type [icmp-code icmp-code] | icmp-message icmp-message]
[routing] [fragments] [dscp dscp] [time-range time-range-name] [log]
[assign-queue queue-id] [{mirror | redirect} interface-id] [rate-limit rate burst-size]
no [sequence-number]
•sequence-number—Identifies the order of application of the permit/deny
statement. If no sequence number is assigned, permit/deny statements are
assigned a sequence number beginning at 1000 and incrementing by 10.
Statements are applied in hardware beginning with the lowest sequence
number. Sequence numbers apply only within an access group; that is, the
ordering applies within the access-group scope. The range for sequence
numbers is 1–2147483647.
•{deny | permit}–Specifies whether the IP ACL rule permits or denies the
matching traffic.
•{ipv6-protocol | number | every}—Specifies the protocol to match for the
IP ACL rule.
  IPv6 protocols: icmpv6, ipv6, sctp, tcp and udp
  Every: Match any protocol (don’t care)
•{source-ipv6-prefix/prefix-length | any | host source-ipv6-address}—Specifies
a source IP address and netmask to match for the IP ACL rule.
  For IPv6 ACLs, “any” implies a 0::/128 prefix and a mask of all ones.
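The sequence-number rules above decide which statement a packet meets first, so an added Python example (not part of the vendor guide) models the numbering and flags statements that an earlier, broader statement makes unreachable. It assumes first-match-wins evaluation, treats "any" as matching every address, compares only protocol, source and destination, and uses constructed sample rules.

```python
import ipaddress

SEQ_MIN, SEQ_MAX = 1, 2147483647      # valid range given on the page
AUTO_START, AUTO_STEP = 1000, 10      # auto-numbering given on the page

def net(spec):
    """'any', 'host <addr>' or '<prefix>/<len>' -> IPv6Network ('any' modelled as ::/0)."""
    if spec.startswith("host "):
        spec = spec[5:] + "/128"
    return ipaddress.IPv6Network("::/0" if spec == "any" else spec, strict=False)

def order_rules(entered):
    """Number unnumbered statements 1000, 1010, ... and return rules in evaluation order."""
    numbered, auto = {}, AUTO_START
    for seq, action, proto, src, dst in entered:
        if seq is None:
            seq, auto = auto, auto + AUTO_STEP
        if not SEQ_MIN <= seq <= SEQ_MAX or seq in numbered:
            raise ValueError(f"bad or duplicate sequence number {seq}")
        numbered[seq] = (action, proto, net(src), net(dst))
    return sorted(numbered.items())   # lowest sequence number is applied first

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    return (a[1] in ("every", b[1])
            and b[2].subnet_of(a[2]) and b[3].subnet_of(a[3]))

def shadowed(entered):
    """(seq, earlier_seq) pairs for rules never reached; assumes first match wins."""
    rules, found = order_rules(entered), []
    for i, (seq, rule) in enumerate(rules):
        for earlier_seq, earlier in rules[:i]:
            if covers(earlier, rule):
                found.append((seq, earlier_seq))
                break
    return found

# Constructed sample: statements in the order an operator typed them.
SAMPLE = [
    (None, "permit", "tcp", "2001:db8:1::/48", "any"),      # becomes 1000
    (None, "deny", "tcp", "host 2001:db8:1::66", "any"),    # becomes 1010, shadowed
    (500, "deny", "udp", "any", "host 2001:db8:2::53"),     # explicit, sorts first
    (None, "deny", "every", "any", "any"),                  # becomes 1020
]

if __name__ == "__main__":
    print("evaluation order:", [seq for seq, _ in order_rules(SAMPLE)])
    print("shadowed (rule, by):", shadowed(SAMPLE))
```

Giving the host deny an explicit sequence number below 1000 places it ahead of the /48 permit and clears the finding.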