Creating an IPv6 ACL

Table 18 lists the syntax elements.

TABLE 18 Syntax descriptions

IPv6 ACL arguments
    Description

ipv6 access-list ACL-name
    Enables the IPv6 configuration level and defines the name of the IPv6 ACL. The ACL-name can contain up to 199 characters and numbers, but cannot begin with a number and cannot contain any spaces or quotation marks.

permit
    The ACL will permit (forward) packets that match a policy in the access list.

deny
    The ACL will deny (drop) packets that match a policy in the access list.

icmp
    Indicates that you are filtering ICMP packets.

protocol
    The type of IPv6 packet you are filtering. You can specify a well-known name for some protocols whose number is less than 255. For other protocols, you must enter the number. Enter "?" instead of a protocol to list the well-known names recognized by the CLI. IPv6 protocols include:
    AHP – Authentication Header
    ESP – Encapsulating Security Payload
    IPv6 – Internet Protocol version 6
    SCTP – Stream Control Transmission Protocol

ipv6-source-prefix/prefix-length
    The ipv6-source-prefix/prefix-length parameter specifies a source prefix and prefix length that a packet must match for the specified action (deny or permit) to occur. You must specify the ipv6-source-prefix parameter in hexadecimal using 16-bit values between colons as documented in RFC 2373. You must specify the prefix-length parameter as a decimal value. A slash mark (/) must follow the ipv6-prefix parameter and precede the prefix-length parameter.

ipv6-destination-prefix/prefix-length
    The ipv6-destination-prefix/prefix-length parameter specifies a destination prefix and prefix length that a packet must match for the specified action (deny or permit) to occur. You must specify the ipv6-destination-prefix parameter in hexadecimal using 16-bit values between colons as documented in RFC 2373. You must specify the prefix-length parameter as a decimal value. A slash mark (/) must follow the ipv6-prefix parameter and precede the prefix-length parameter.

any
    When specified instead of the ipv6-source-prefix/prefix-length or ipv6-destination-prefix/prefix-length parameters, matches any IPv6 prefix and is equivalent to the IPv6 prefix ::/0.

host
    Allows you to specify a host IPv6 address. When you use this parameter, you do not need to specify the prefix length. A prefix length of 128 is implied.

icmp-type
    ICMP packets can be filtered by ICMP message type. The type is a number from 0 to 255.

icmp code
    ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code. The code is a number from 0 to 255.

icmp-message
    ICMP packets are filtered by ICMP messages. Refer to "ICMP message configurations" on page 136 for a list of ICMP message types.

tcp
    Indicates that you are filtering TCP packets.

udp
    Indicates that you are filtering UDP packets.
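The following Python check is an added example, not part of the Brocade guide: it applies the ACL-name rules from Table 18 and resolves the three address forms (any, host, prefix/prefix-length) to the IPv6 network each one matches, so entries can be reviewed before they are entered on the switch. The function names, the treatment of both ' and " as quotation marks, and the masking of host bits are assumptions of this example.

```python
import ipaddress

MAX_ACL_NAME_LEN = 199  # limit stated in Table 18


def check_acl_name(name):
    """Return the Table 18 naming rules that `name` breaks (empty list = valid)."""
    if not name:
        return ["name is empty"]
    problems = []
    if len(name) > MAX_ACL_NAME_LEN:
        problems.append("longer than 199 characters")
    if name[0].isdigit():
        problems.append("begins with a number")
    if any(ch.isspace() for ch in name):
        problems.append("contains a space")
    # Assumption: "quotation marks" covers both " and '.
    if any(ch in "\"'" for ch in name):
        problems.append("contains a quotation mark")
    return problems


def resolve_match(tokens):
    """Map an address argument to the IPv6 network it matches.

    tokens is ["any"], ["host", "<address>"] or ["<prefix>/<length>"].
    Raises ValueError when the argument is malformed.
    """
    if tokens == ["any"]:
        # Table 18: "any" is equivalent to the prefix ::/0.
        return ipaddress.IPv6Network("::/0")
    if len(tokens) == 2 and tokens[0] == "host":
        # Table 18: "host" implies a prefix length of 128.
        return ipaddress.IPv6Network((ipaddress.IPv6Address(tokens[1]), 128))
    if len(tokens) == 1 and "/" in tokens[0]:
        prefix, _, length = tokens[0].partition("/")
        if not (length.isascii() and length.isdigit()):
            raise ValueError("prefix length must be a decimal value")
        # Assumption: bits set beyond the prefix length are masked off.
        return ipaddress.IPv6Network(
            (ipaddress.IPv6Address(prefix), int(length)), strict=False)
    raise ValueError("expected any, host <address>, or <prefix>/<length>")


if __name__ == "__main__":
    # Constructed sample values (2001:db8::/32 is the documentation range).
    print(check_acl_name("6to4 edge"))
    for arg in (["any"], ["host", "2001:db8::1"], ["2001:db8:0:1::5/64"]):
        print(arg, "->", resolve_match(arg))
```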

Brocade ICX 6650 Security Configuration Guide

 

53-1002601-01
