47
Using IPv6 ACLs as input to other features
•
The IPv6 protocol can be one of the following well-known names or any IPv6 protocol number from
0 – 255:
•
•
•
•
•
•
•
For TCP and UDP, you also can specify a comparison operator and port name or number. For
example, you can configure a policy to block web access to a specific website by denying all TCP
port 80 (HTTP) packets from a specified source IPv6 address to the website's IPv6 address.
IPv6 ACLs also provide support for filtering packets based on DSCP.
This chapter contains the following sections:
•
•
•
•
•
Using IPv6 ACLs as input to other features
You can use an IPv6 ACL to provide input to other features such as route maps and distribution
lists. When you use an ACL this way, use permit statements in the ACL to specify the traffic that you
want to send to the other feature. If you use deny statements, the traffic specified by the deny
statements is not supplied to the other feature.
Configuring an IPv6 ACL
To configure an IPv6 ACL, you must do the following:
•
•
1186
Destination TCP or UDP port (if the IPv6 protocol is TCP or UDP)
Authentication Header (AHP)
Encapsulating Security Payload (ESP)
Internet Control Message Protocol (ICMP)
Internet Protocol Version 6 (IPv6)
Stream Control Transmission Protocol (SCTP)
Transmission Control Protocol (TCP)
User Datagram Protocol (UDP)
"Using IPv6 ACLs as input to other features"
"Configuring an IPv6 ACL"
"Applying an IPv6 ACL to an interface"
"Adding a comment to an IPv6 ACL entry"
"Displaying ACLs"
on page 1197
Create the ACL
Apply the ACL to an interface
on page 1186
on page 1186
on page 1195
on page 1195
BigIron RX Series Configuration Guide
53-1001810-01