HPE FlexFabric 5940 Series Command Reference Manual page 31

Default
No IPv6 advanced ACL rules exist.
Views
IPv6 advanced ACL view
Predefined user roles
network-admin
Parameters
rule-id: Specifies a rule ID in the range of 0 to 65534. If you do not specify a rule ID when creating an
ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple of
the numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering
step is 5 and the current highest rule ID is 28, the rule is numbered 30.
deny: Denies matching packets.
permit: Allows matching packets to pass.
protocol: Specifies one of the following values:
•
A protocol number in the range of 0 to 255.
•
A protocol name: gre (47), icmpv6 (58), ipv6, ipv6-ah (51), ipv6-esp (50), ospf (89), tcp (6),
or udp (17). The ipv6 keyword specifies all protocols.
Table 11 describes the parameters that you can specify regardless of the value for the protocol
argument.
Table 11 Match criteria and other rule information for IPv6 advanced ACL rules
Parameters
source
{ source-address
source-prefix |
source-address/s
ource-prefix |
any }
destination
{ dest-address
dest-prefix |
dest-address/dest
-prefix | any }
counting
dscp dscp
flow-label
flow-label-value
fragment
logging
Function
Specifies a source IPv6
address.
Specifies a destination
IPv6 address.
Counts the times that the
rule is matched.
Specifies a DSCP
preference.
Specifies a flow label value
in an IPv6 packet header.
Applies the rule only to
non-first fragments.
Logs matching packets.
Description
The source-address argument specifies an IPv6 source
address.
The source-prefix argument specifies a prefix length in
the range of 1 to 128.
The any keyword represents any IPv6 source address.
The dest-address argument specifies a destination IPv6
address.
The dest-prefix argument specifies a prefix length in the
range of 1 to 128.
The any keyword represents any IPv6 destination
address.
The counting keyword enables match counting specific
to rules, and the hardware-count keyword in the
packet-filter ipv6 command enables match counting for
all rules in an ACL. If the counting keyword is not
specified, matches for the rule are not counted.
The dscp argument can be a number in the range of 0 to
63, or in words, af11 (10), af12 (12), af13 (14), af21 (18),
af22 (20), af23 (22), af31 (26), af32 (28), af33 (30), af41
(34), af42 (36), af43 (38), cs1 (8), cs2 (16), cs3 (24), cs4
(32), cs5 (40), cs6 (48), cs7 (56), default (0), or ef (46).
The flow-label-value argument is in the range of 0 to
1048575.
If you do not specify this keyword, the rule applies to all
fragments and non-fragments.
This feature requires that the module (for example,
26