R3721-F3210-F3171-HP High-End Firewalls Access Control Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

Table 9 Match criteria and other rule information for IPv6 advanced ACL rules

Parameters Function Descri

tion

source { source

source-prefix |

source/source-prefix |

any }

Specifies a source IPv6 address

The source and source-prefix arguments

represent an IPv6 source address, and prefix

length that ranges from 1 to 128.

The any keyword represents any IPv6 source

address.

destination { dest

dest-prefix |

dest/dest-prefix | any }

Specifies a destination IPv6

address

The dest and dest-prefix arguments represent a

destination IPv6 address, and prefix length that

ranges from 1 to 128.

The any keyword specifies any IPv6 destination

address.

counting

Counts the number of times the

IPv6 ACL rule has been matched

N/A

dscp dscp Specifies a DSCP preference

The dscp argument can be a number in the

range 0 to 63, or in words, af11 (10), af12

(12), af13 (14), af21 (18), af22 (20), af23

(22), af31 (26), af32 (28), af33 (30), af41

(34), af42 (36), af43 (38), cs1 (8), cs2 (16), cs3

(24), cs4 (32), cs5 (40), cs6 (48), cs7 (56),

default (0), or ef (46).

flow-label

flow-label-value

Specifies a flow label value in

an IPv6 packet header

The flow-label-value argument is in the range 0

to 1048575.

logging Logs matching packets

This function requires that the module (for

example, a firewall) that uses the ACL supports

logging.

vpn-instance

vpn-instance-name

Applies the rule to packets in a

VPN instance

The vpn-instance-name argument takes a

case-sensitive string of 1 to 31 characters.

If no VPN instance is specified, the rule applies

only to non-VPN packets.

fragment

Applies the rule to only non-first

fragments

Without this keyword, the rule applies to all

fragments and non-fragments.

time-range

time-range-name

Specifies a time range for the

rule

The time-range-name argument takes a

case-insensitive string of 1 to 32 characters. It

must start with an English letter. If the time range

is not configured, the system creates the rule;

however, the rule using the time range can take

effect only after you configure the timer range.

If the protocol argument takes tcp (6) or udp (17), you can set the parameters shown in Table 10.