To do...
Create an IPv6
advanced ACL and
enter its view
Configure a description
for the IPv6 advanced
ACL
Set the rule numbering
step
Create or edit a rule
Configure or edit a rule
description
Configuring an Ethernet frame header ACL
Ethernet frame header ACLs, also called Layer 2 ACLs, match packets based on Layer 2
protocol header fields such as source MAC address, destination MAC address, 802.1p
priority (VLAN priority), and link layer protocol type.
Use the command...
acl ipv6 number acl6-number
[ name acl6-name ]
[ match-order { auto | config } ]
description text
step step-value
rule [ rule-id ] { deny | permit }
protocol [ { { ack ack-value | fin
fin-value | psh psh-value | rst
rst-value | syn syn-value | urg
urg-value } * | established } |
destination { dest dest-prefix |
dest/dest-prefix | any } |
destination-port operator port1
[ port2 ] | dscp dscp | fragment
| icmp6-type { icmp6-type
icmp6-code | icmp6-message }
| logging | source { source
source-prefix |
source/source-prefix | any } |
source-port operator port1
[ port2 ] | time-range
time-range-name ] *
rule rule-id comment text
18
Remarks
Required
By default, no ACL exists.
IPv6 advanced ACLs are
numbered in the range
3000 to 3999.
You can use the acl ipv6
name acl6-name
command to enter the
view of an existing named
IPv6 ACL.
Optional
By default, an IPv6
advanced ACL has no
ACL description.
Optional
5 by default
Required
By default IPv6 advanced
ACL does not contain any
rule.
To create or edit multiple
rules, repeat this step.
The logging keyword takes
effect only when the
module using the ACL
supports logging.
Optional
By default, an IPv6
advanced ACL rule has no
rule description.