Command Reference Guide
29
Table 15 ICMPv6 message names supported in IPv6 advanced ACL rules
ICMPv6 messa
g
e name ICMPv6 messa
g
e
t
yp
e
ICMPv6 messa
g
e code
echo-reply 129 0
echo-request 128 0
err-Header-field 4 0
frag-time-exceeded 3 1
hop-limit-exceeded 3 0
host-admin-prohib 1 1
host-unreachable 1 3
neighbor-advertisement 136 0
neighbor-solicitation 135 0
network-unreachable 1 0
packet-too-big 2 0
port-unreachable 1 4
redirect 137 0
router-advertisement 134 0
router-solicitation 133 0
unknown-ipv6-opt 4 2
unknown-next-hdr 4 1
Usage guidelines
If an ACL is for QoS traffic classification or packet filtering:
• Do not specify the fragment keyword.
• Do not specify neq for the operator argument.
• Do not specify the vpn-instance, routing, hop-by-hop, or flow-label keyword if the ACL is for
outbound QoS traffic classification or outbound packet filtering.
• Do not specify ipv6-ah for the protocol argument, nor set its value to 0, 43, 44, 51, or 60, if the ACL
is for outbound QoS traffic classification or outbound packet filtering.
If an ACL is to match information in the IPv6 packet payload, it can only match packets with one
extension header. It cannot match packets with two or more extension headers or with the Encapsulating
Security Payload Header.
Within an ACL, the permit or deny statement of each rule must be unique. If the ACL rule you are creating
or editing has the same deny or permit statement as another rule in the ACL, the rule will not be created
or changed.
You can edit ACL rules only when the match order is config.
• If you do not specify any optional keywords, the undo rule command deletes the entire rule.
• If you specify optional keywords or arguments, the undo rule command deletes the specified
attributes.
To view rules in an ACL and their rule IDs, use the display acl ipv6 all command.