Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches) - Cisco Catalyst 2960 series Configuration Manual

Step 2
Command or Action: configure terminal
Example:
Switch# configure terminal
Purpose: Enters the global configuration mode.

Step 3
Command or Action: ipv6 access-list list-name
Example:
Switch(config)# ipv6 access-list example_acl_list
Purpose: Defines an IPv6 ACL name, and enters IPv6 access list configuration mode.

Step 4
Command or Action: {deny | permit} protocol {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [operator [port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address} [operator [port-number]] [dscp value] [fragments] [log] [log-input] [routing] [sequence value] [time-range name]
Purpose: Enter deny or permit to specify whether to deny or permit the packet if conditions are matched. These are the conditions:
• For protocol, enter the name or number of an Internet protocol: ahp, esp, icmp, ipv6, pcp, sctp, tcp, or udp, or an integer in the range 0 to 255 representing an IPv6 protocol number.
• The source-ipv6-prefix/prefix-length or destination-ipv6-prefix/prefix-length is the source or destination IPv6 network or class of networks for which to set deny or permit conditions, specified in hexadecimal and using 16-bit values between colons (see RFC 2373).
• Enter any as an abbreviation for the IPv6 prefix ::/0.
• For host source-ipv6-address or destination-ipv6-address, enter the source or destination IPv6 host address for which to set deny or permit conditions, specified in hexadecimal using 16-bit values between colons.
• (Optional) For operator, specify an operand that compares the source or destination ports of the specified protocol. Operands are lt (less than), gt (greater than), eq (equal), neq (not equal), and range. If the operator follows the source-ipv6-prefix/prefix-length argument, it must match the source port. If the operator follows the destination-ipv6-prefix/prefix-length argument, it must match the destination port.
• (Optional) The port-number is a decimal number from 0 to 65535 or the name of a TCP or UDP port. You can use TCP port names only when filtering TCP. You can use UDP port names only when filtering UDP.
• (Optional) Enter dscp value to match a differentiated services code point value against the traffic class value in the Traffic Class field of each IPv6 packet header. The acceptable range is from 0 to 63.
• (Optional) Enter fragments to check noninitial fragments. This keyword is visible only if the protocol is ipv6.
• (Optional) Enter log to cause a logging message to be sent to the console about the packet that matches the entry. Enter log-input to

How to Configure IPv6 ACLs
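
An added example, not from the Cisco guide: a pre-deployment check in Python that applies the Step 4 limits (protocol 0 to 255, port 0 to 65535, dscp 0 to 63, fragments only with ipv6, port names only with tcp or udp) to candidate ACL entries before they are typed into the switch. The function names and sample entries are hypothetical, and it covers only the keywords described in Step 4, not the full IOS grammar.

```python
import ipaddress

# Keywords and ranges as described in Step 4 (SCTP is written sctp).
PROTOCOLS = {"ahp", "esp", "icmp", "ipv6", "pcp", "sctp", "tcp", "udp"}
OPERATORS = {"lt", "gt", "eq", "neq", "range"}

def _address(tok, errs):  # consume: any | host ADDR | PREFIX/LEN
    kind = tok.pop(0) if tok else ""
    try:
        if kind == "host":
            ipaddress.IPv6Address(tok.pop(0) if tok else "")
        elif kind != "any":
            if "/" not in kind:
                raise ValueError("prefix length missing")
            ipaddress.IPv6Network(kind, strict=False)
    except ValueError:
        errs.append(f"bad IPv6 address or prefix near '{kind}'")

def _ports(tok, proto, errs):  # consume an optional operator and its port(s)
    if not tok or tok[0] not in OPERATORS:
        return
    for _ in range(2 if tok.pop(0) == "range" else 1):
        port = tok.pop(0) if tok else ""
        if port.isdigit():
            if int(port) > 65535:
                errs.append(f"port {port} outside 0-65535")
        elif not port or proto not in ("tcp", "udp"):
            errs.append(f"port '{port}' is not valid for {proto}")

def lint_ace(line):
    """Return the problems found in one IPv6 ACL entry (empty list = clean)."""
    tok, errs = line.split(), []
    if len(tok) < 2 or tok[0] not in ("deny", "permit"):
        return ["entry must start with deny or permit and a protocol"]
    proto = tok[1]
    if not (proto in PROTOCOLS or (proto.isdigit() and int(proto) <= 255)):
        errs.append(f"unknown protocol '{proto}'")
    tok = tok[2:]
    for _ in ("source", "destination"):  # operator position decides which port
        _address(tok, errs)
        _ports(tok, proto, errs)
    dscp = (tok[tok.index("dscp") + 1:] or [""])[0] if "dscp" in tok else "0"
    if not (dscp.isdigit() and int(dscp) <= 63):
        errs.append(f"dscp '{dscp}' outside 0-63")
    if "fragments" in tok and proto != "ipv6":
        errs.append("fragments is only offered when protocol is ipv6")
    return errs

SAMPLE = ["permit tcp 2001:db8:10::/64 any eq 443 dscp 46",  # constructed
          "deny udp any eq 70000 host 2001:db8::5 dscp 64"]  # constructed
```

Calling lint_ace on each entry of SAMPLE returns an empty list for the first and two findings (source port and dscp out of range) for the second.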