Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches) - Cisco Catalyst 2960 series Configuration Manual


How to Configure IPv6 ACLs
Purpose (continued):
include the input interface in the log entry. Logging is supported only for router ACLs.
• (Optional) Enter routing to specify that IPv6 packets be routed.
• (Optional) Enter sequence value to specify the sequence number for the access list statement. The acceptable range is from 1 to 4,294,967,295.
• (Optional) Enter time-range name to specify the time range that applies to the deny or permit statement.

Step 5
Command or Action:
{deny | permit} tcp {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [operator [port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address} [operator [port-number]] [ack] [dscp value] [established] [fin] [log] [log-input] [neq {port | protocol}] [psh] [range {port | protocol}] [rst] [routing] [sequence value] [syn] [time-range name] [urg]
Purpose:
(Optional) Define a TCP access list and the access conditions.
Enter tcp for Transmission Control Protocol. The parameters are the same as those described in Step 3a, with these additional optional parameters:
• ack—Acknowledgment bit set.
• established—An established connection. A match occurs if the TCP datagram has the ACK or RST bits set.
• fin—Finished bit set; no more data from sender.
• neq {port | protocol}—Matches only packets that are not on a given port number.
• psh—Push function bit set.
• range {port | protocol}—Matches only packets in the port number range.
• rst—Reset bit set.
• syn—Synchronize bit set.
• urg—Urgent pointer bit set.

Step 6
Command or Action:
{deny | permit} udp {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [operator [port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address} [operator [port-number]] [dscp value] [log] [log-input] [neq {port | protocol}] [range {port | protocol}] [routing] [sequence value] [time-range name]
Purpose:
(Optional) Define a UDP access list and the access conditions.
Enter udp for the User Datagram Protocol. The UDP parameters are the same as those described for TCP, except that the [operator [port]] port number or name must be a UDP port number or name, and the established parameter is not valid for UDP.

Step 7
Command or Action:
{deny | permit} icmp {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [operator [port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address} [operator [port-number]] [icmp-type [icmp-code] |
Purpose:
(Optional) Define an ICMP access list and the access conditions.
Enter icmp for Internet Control Message Protocol. The ICMP parameters are the same as those described for most IP protocols in Step 1, with the addition of the ICMP message type and code parameters. These optional keywords have these meanings:
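
Added example (not part of the Cisco guide): a constructed router ACL that uses the Step 5, Step 6 and Step 7 statement forms together, to show how ordering, sequence numbers and the established keyword interact. The ACL name, the 2001:DB8::/32 documentation addresses and the port choices are assumptions; the ICMP type keywords used here (packet-too-big, nd-ns, nd-na, echo-request) are standard IOS names that this excerpt does not list.

```cisco
! Constructed example. All addresses come from the 2001:DB8::/32
! documentation prefix; SERVER-NET-IN is a hypothetical ACL name.
! Intended use: filter traffic heading toward 2001:DB8:10::/64.
ipv6 access-list SERVER-NET-IN
 !
 ! Step 5 (tcp). "established" matches any segment with ACK or RST set.
 ! It is a per-packet flag test, not connection tracking, so it only
 ! keeps bare SYNs (new inbound sessions) from matching this entry.
 permit tcp any 2001:DB8:10::/64 established sequence 10
 !
 ! New inbound sessions are allowed to one host and one port only.
 permit tcp any host 2001:DB8:10::80 eq 443 sequence 20
 !
 ! SSH only from the management prefix.
 permit tcp 2001:DB8:99::/64 2001:DB8:10::/64 eq 22 sequence 30
 !
 ! Step 6 (udp). "established" is not valid for UDP, so DNS replies
 ! are matched on the resolver address, source port 53 and an
 ! unprivileged destination port range instead.
 permit udp host 2001:DB8:53::53 eq 53 2001:DB8:10::/64 range 1024 65535 sequence 40
 !
 ! Step 7 (icmp). Path MTU discovery and neighbor discovery must be
 ! permitted explicitly: the explicit deny at the end takes the place
 ! of the implicit neighbor-discovery permits.
 permit icmp any any packet-too-big sequence 50
 permit icmp any any nd-ns sequence 60
 permit icmp any any nd-na sequence 70
 permit icmp 2001:DB8:99::/64 2001:DB8:10::/64 echo-request sequence 80
 !
 ! Explicit final deny so that dropped packets are logged. As stated
 ! above, logging is supported only for router ACLs.
 deny ipv6 any any log sequence 90
```

Leaving gaps of 10 between sequence values lets a later entry be inserted at a specific position without rewriting the list.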
