Command Reference Guide

IPv6 Access Control List Commands
September 2014 Page 673
HP Moonshot Switch Module CLI Command Reference
{deny | permit} (IPv6)
This command creates a new rule for the current IPv6 access list. Each rule is appended to the list of configured
rules for the list. A rule may either deny or permit traffic according to the specified classification fields. At a
minimum, either the every keyword or the protocol, source address, and destination address values must be
specified. The source and destination IPv6 address fields may be specified using the keyword any to indicate a
match on any value in that field. The remaining command parameters are all optional, but the most frequently
used parameters appear in the same relative order as shown in the command format.
The time-range parameter imposes a time limitation on the IPv6 ACL rule, as defined by the parameter
time-range-name. If a time range with the specified name does not exist and the IPv6 ACL containing this ACL
rule is applied to an interface or bound to a VLAN, then the ACL rule is applied immediately. If a time range with
the specified name exists and the IPv6 ACL containing this ACL rule is applied to an interface or bound to a VLAN,
then the ACL rule is applied when the time range with the specified name becomes active. The ACL rule is removed
when the time range with the specified name becomes inactive. For information about configuring time ranges,
see “Time Range Commands for Time-Based ACLs” on page 676.
The assign-queue parameter allows specification of a particular hardware queue for handling traffic that
matches this rule. The allowed queue-id value is 0-6 because the number of user configurable queues available
is 7. The assign-queue parameter is valid only for a permit rule.
The mirror parameter allows the traffic matching this rule to be copied to the specified unit/slot/port, while
the redirect parameter allows the traffic matching this rule to be forwarded to the specified unit/slot/port.
The assign-queue and redirect parameters are only valid for a permit rule.
The permit command’s optional rate-limit attribute permits matching traffic only up to the configured rate,
specified in kbps, and burst-size, specified in kbytes.
Example: The following shows an example of the command.
(Routing) (Config)#ipv6 access-list ip61
(Routing) (Config-ipv6-acl)#permit udp any any rate-limit 32 16
(Routing) (Config-ipv6-acl)#exit
Format
{deny | permit} {every | {{icmpv6 | ipv6 | tcp | udp | 0–255}[log] [time-range time-range-name] [assign-queue queue-id] [{mirror | redirect} unit/slot/port] [rate-limit rate burst-size]
Mode IPv6-Access-List Config
Note: The no form of this command is not supported, since the rules within an IPv6 ACL cannot be
deleted individually. Rather, the entire IPv6 ACL must be deleted and respecified.
Note: An implicit deny all IPv6 rule always terminates the access list.
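Because rules cannot be deleted individually, it helps to check each rule line against the constraints above before entering it. The following is an added example, not code from HP or from this reference: the names lint_rule, time_ranges and SAMPLE are hypothetical, source and destination are assumed to be one token each (as in "any any"), and only the options described on this page are checked.

```python
PROTOCOLS = {"icmpv6", "ipv6", "tcp", "udp"}

def _in_range(tok, lo, hi):
    """True if tok is a decimal integer within [lo, hi]."""
    return tok.isdecimal() and lo <= int(tok) <= hi

def lint_rule(rule, time_ranges=()):
    """Return a list of findings for one '{deny | permit} ...' rule line."""
    tok = rule.split()
    if not tok or tok[0] not in ("deny", "permit"):
        return ["rule must start with deny or permit"]
    action, rest, out = tok[0], tok[1:], []

    # Minimum: 'every', or protocol + source + destination.
    # Assumption: source and destination are one token each, as in 'any any'.
    if rest[:1] != ["every"]:
        proto = rest[0] if rest else ""
        if len(rest) < 3 or not (proto in PROTOCOLS or _in_range(proto, 0, 255)):
            out.append("need 'every' or protocol, source and destination")

    def args(keyword, n):
        """The n tokens following keyword, or None if keyword is absent."""
        if keyword not in rest:
            return None
        i = rest.index(keyword)
        return rest[i + 1:i + 1 + n]

    queue = args("assign-queue", 1)
    if queue is not None and not (queue and _in_range(queue[0], 0, 6)):
        out.append("assign-queue queue-id must be 0-6")
    for kw in ("assign-queue", "redirect", "rate-limit"):
        if kw in rest and action != "permit":
            out.append(f"{kw} is valid only for a permit rule")
    if "mirror" in rest and "redirect" in rest:
        out.append("mirror and redirect are alternatives, use one")
    rate = args("rate-limit", 2)
    if rate is not None and not (len(rate) == 2 and all(r.isdecimal() for r in rate)):
        out.append("rate-limit needs rate (kbps) and burst-size (kbytes)")
    tr = args("time-range", 1)
    if tr is not None and (not tr or tr[0] not in time_ranges):
        # Per the text above, an undefined time range does not disable the rule.
        out.append("time-range not defined: rule would apply immediately")
    return out

# Constructed sample; the first rule is the page's own example.
SAMPLE = ["permit udp any any rate-limit 32 16",
          "deny tcp any any assign-queue 3",
          "permit tcp any any log time-range workhours"]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "->", lint_rule(line, time_ranges={"work-hours"}) or "ok")
```

The time-range finding matters most for permit rules: a mistyped time-range-name leaves the rule in force at all times rather than only during the intended window.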