Table of Contents
Advertisement
Item
Match Criteria (IPv6 ACLs)
Every
Protocol
Fragments
Source Prefix / Pre-
fix Length
Source L4 Port
Destination Prefix /
Prefix Length
Destination L4 Port
ICMP Type
ICMP Code
ICMP Message
TCP Flags
Flow Label
IP DSCP
Routing
EKI-9500 Series User Manual
Description
When this option is selected, all packets will match the rule and will be
either permitted or denied. This option is exclusive to all other match
criteria, so if Every is selected, no other match criteria can be config-
ured. To configure specific match criteria, this option must be clear.
The IANA-assigned protocol number to match within the IP packet.
You can also specify one of the following keywords: ICMPv6, IPv6,
TCP, or UDP.
IPv6 ACL rule to match on fragmented IP packets.
The IPv6 prefix combined with IPv6 prefix length of the network or host
from which the packet is being sent. To indicate a destination host,
specify an IPv6 prefix length of 128.
The TCP/UDP source port to match in the packet header. Select one of
the following options: Equal, Not Equal, Less Than, Greater Than, or
Range and specify the port number or keyword. TCP port keywords
include BGP, Domain, Echo, FTP, FTP Data, HTTP, SMTP, Telnet,
WWW, POP2, and POP3. UDP port keywords include Domain, Echo,
NTP, RIP, SNMP, TFTP, TIME, and WHO.
The IPv6 prefix combined with the IPv6 prefix length to be compared to
a packet's destination IPv6 address as a match criteria for the IPv6
ACL rule. To indicate a destination host, specify an IPv6 prefix length
of 128.
The TCP/UDP destination port to match in the packet header. Select
one of the following options: Equal, Not Equal, Less Than, Greater
Than, or Range and specify the port number or keyword.
TCP port keywords include BGP, Domain, Echo, FTP, FTP Data,
HTTP, SMTP, Telnet, WWW, POP2, and POP3.
UDP port keywords include Domain, Echo, NTP, RIP, SNMP, TFTP,
TIME, and WHO.
IPv6 ACL rule to match on the specified ICMP message type. This
option is available only if the protocol is ICMPv6.
IPv6 ACL rule to match on the specified ICMP message code. This
option is available only if the protocol is ICMPv6.
IPv6 ACL rule to match on the ICMP message type and code. Specify
one of the following supported ICMPv6 messages: Destination-
Unreachable, Echo-Request, Echo-Reply, Header, Hop-Limit, MLD-
Query, MLD-Reduction, MLD-Report, ND-NA, ND-NS, Next-Header,
No-Admin, No-Route, Packet-Too-Big, Port-Unreachable, Router-
Solicitation, Router-Advertisement, Router-Renumbering, Time-
Exceeded, and Unreachable. This option is available only if the proto-
col is ICMPv6.
IPv6 ACL rule to match on the TCP flags. When a + flag is specified, a
match occurs if the flag is set in the TCP header. When a - flag is spec-
ified, a match occurs if the flag is not set in the TCP header. When
Established is specified, a match occurs if either RST or ACK bits are
set in the TCP header. This option is available only if the protocol is
TCP.
A 20-bit number that is unique to an IPv6 packet, used by end stations
to signify quality-of-service handling in routers.
The IP DSCP value in the IPv6 packet to match to the rule. The DSCP
value is defined as the high-order six bits of the Service Type octet in
the IPv6 header.
IPv6 ACL rule to match on routed packets.
284
Advertisement
Table of Contents
