Deny (Ipv6) - Planet WGSW-28040 Command Manual

match-all
Mode:
IPv6 ACL Configuration
Usage Guide:
Use the permit command to add permit conditions for an IPv6 ACE that bypass those packets hit the ACE. The
"sequence" also represents hit priority when ACL bind to an interface. An ACE not specifies "sequence" index would
assign a sequence index which is the largest existed index plus 20. If packet content can match more than one ACE,
the lowest sequence ACE is hit. An ACE can not be added if has the same conditions as existed ACE.
Example:
The example shows how to add a set of ACEs. You can verify settings by the following show acl command.
This command shows how to permit a source IP address subnet.
Switch(ipv6-al)# permit permit ipv6 fe80:1122:3344:5566::1/64 any
Switch(ipv6-al)# show acl
IPv6 access list ipv6test
sequence 1 permit ipv6 fe80:1122:3344:5566::1/64 any

4.3.9 deny (IPv6)

Command:
[sequence <1-2147483647>] deny (<0-255>|ipv6) (X:X::X:X/<0-128>|any)
(X:X::X:X/<0-128>|any) [(dscp|precedence) VALUE] [shutdown]
[sequence <1-2147483647>] deny icmp (X:X::X:X/<0-128>|any)
(X:X::X:X/<0-128>|any) (<0-255>|destination-unreachable|packet-too-big|
time-exceeded|parameter-problem|echo-request|echo-reply|
mld-query|mld-report|mldv2-report|mld-done|
router-solicitation|router-advertisement|nd-ns|nd-na|any)
(<0-255>|any)[(dscp|precedence) VALUE] [shutdown]
[sequence <1-2147483647>] deny tcp (X:X::X:X/<0-128>|any)
list or a number of TCP/UDP port.
Specify tcp flag for TCP packet. If a flag should be set it is prefixed by \"+\".If a flag
should be unset it is prefixed by \"-\". Available options are +urg, +ack, +psh, +rst, +syn,
+fin, -urg, -ack, -psh, -rst, -syn and -fin.To define more than 1 flag - enter additional
flags one after another without a space (example +syn-ack).
Command Guide of WGSW-28040
61