Cisco Catalyst 3560-X Software Configuration Manual page 966

Configuring Standard QoS
Command
Step 3
{deny | permit} protocol
{source-ipv6-prefix/prefix-len
gth | any | host
source-ipv6-address}
[operator [port-number]]
{destination-ipv6-prefix/
prefix-length | any | host
destination-ipv6-address}
[operator [port-number]]
[dscp value] [fragments]
[log] [log-input] [routing]
[sequence value] [time-range
name]
Step 4 end
Step 5 show ipv6 access-list
Step 6
copy running-config
startup-config
To delete an access list, use the no ipv6 access-list access-list-number global configuration command.
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
1-52
Purpose
Enter deny or permit to specify whether to deny or permit the packet if conditions
are matched. These are the conditions:
• For protocol, enter the name or number of an Internet protocol: ahp, esp, icmp,
ipv6, pcp, stcp, tcp, or udp, or an integer in the range 0 to 255 representing an
IPv6 protocol number.
For additional specific parameters for ICMP, TCP, and UDP, see
Note
IPv6 ACLs, page 1-5.
The source-ipv6-prefix/prefix-length or destination-ipv6-prefix/ prefix-length is
•
the source or destination IPv6 network or class of networks for which to set
deny or permit conditions, specified in hexadecimal and using 16-bit values
between colons (see RFC 2373).
Enter any as an abbreviation for the IPv6 prefix ::/0.
•
For host source-ipv6-address or destination-ipv6-address, enter the source or
•
destination IPv6 host address for which to set deny or permit conditions,
specified in hexadecimal using 16-bit values between colons.
• (Optional) For operator, specify an operand that compares the source or
destination ports of the specified protocol. Operands are lt (less than), gt
(greater than), eq (equal), neq (not equal), and range.
If the operator follows the source-ipv6-prefix/prefix-length argument, it must
match the source port. If the operator follows the destination-ipv6-
prefix/prefix-length argument, it must match the destination port.
(Optional) The port-number is a decimal number from 0 to 65535 or the name
•
of a TCP or UDP port. You can use TCP port names only when filtering TCP.
You can use UDP port names only when filtering UDP.
(Optional) Enter dscp value to match a differentiated services code point value
•
against the traffic class value in the Traffic Class field of each IPv6 packet
header. The acceptable range is from 0 to 63.
(Optional) Enter fragments to check noninitial fragments. This keyword is
•
visible only if the protocol is ipv6.
(Optional) Enter log to cause a logging message to be sent to the console about
•
the packet that matches the entry. Enter log-input to include the input interface
in the log entry. Logging is supported only for router ACLs.
(Optional) Enter routing to specify that IPv6 packets be routed.
•
(Optional) Enter sequence value to specify the sequence number for the access
•
list statement. The acceptable range is from 1 to 4294967295.
(Optional) Enter time-range name to specify the time range that applies to the
•
deny or permit statement.
Return to privileged EXEC mode.
Verify the access list configuration.
(Optional) Save your entries in the configuration file.
Chapter 1 Configuring QoS
Creating
OL-25303-03