Table of Contents
Advertisement
ACL Commands
78-20269-01 Command Line Interface Reference Guide
User Guidelines
The number of TCP/UDP ranges that can be defined in ACLs is limited. You can
define up to #ASIC-specific ranges for TCP and up to #ASIC-specific ranges for
UDP. If a range of ports is used for a source port in ACE, it is not counted again if it
is also used for a source port in another ACE. If a range of ports is used for
destination port in ACE it is not counted again if it is also used for destination port
in another ACE.
If a range of ports is used for source port it is counted again if it is also used for
destination port.
Example
This example defines an ACL by the name of server and enters a rule (ACE) for tcp
packets.
console(config)# ipv6 access-list server
console(config-ipv6-al)# permit tcp 3001::2/64 any any 80
40.6
deny ( IPv6 )
Use the deny command in IPv6 Access List Configuration mode to set permit
conditions (ACEs) for IPv6 ACLs.
Syntax
protocol {any | {source-prefix/length}{any | destination- prefix/length} [dscp
deny
number | precedence number] [disable-port | log-input]
icmp {any | {source-prefix/length}{any | destination- prefix/length}
deny
{any| i cmp-type} {any| i cmp-code} [dscp number | precedence number]
[disable-port | log-input]
tcp {any | {source-prefix/length} {any | source-port/port-range}}{any |
deny
destination- prefix/length} {any| destination-port/port-range} [dscp number |
precedence number] [match-all list-of-flags] [disable-port | log-input]
udp {any | {source-prefix/length}} {any | source-port/port-range}}{any |
deny
destination- prefix/length} {any| destination-port/port-range} [dscp number |
precedence number] [disable-port | log-input]
40
542
Advertisement
Table of Contents
