Table of Contents
Advertisement
undo rule { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh
psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } |
counting
dest-address/dest-prefix | any } | destination-port operator port1 [ port2 ]
| dscp dscp | flow-label flow-label-value | fragment | icmp6-type
{ icmp6-type icmp6-code | icmp6-message } | routing [ type routing-type ] |
hop-by-hop [ type hop-type ] | source { source-address source-prefix |
source-address/source-prefix | any } | source-port operator port1 [ port2 ]
| time-range time-range-name | vpn-instance vpn-instance-name ] *
Default
No IPv6 advanced ACL rules exist.
Views
IPv6 advanced ACL view
Predefined user roles
network-admin
Parameters
: Specifies a rule ID in the range of 0 to 65534. If you do not specify a rule ID when creating
rule-id
an ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple
of the numbering step to the current highest rule ID, starting from the start rule ID. For example, if the
rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30.
: Denies matching packets.
deny
: Allows matching packets to pass.
permit
protocol
•
A protocol number in the range of 0 to 255.
•
A protocol name: gre (47), icmpv6 (58), ipv6, ipv6-ah (51), ipv6-esp (50), ospf (89), tcp (6),
or udp (17). The
Table 6
describes the parameters that you can specify regardless of the value for the
argument.
Table 6 Match criteria and other rule information for IPv6 advanced ACL rules
Parameters
source
source-address
{
source-prefix
source-address/so
urce-prefix
destination
dest-address
{
dest-prefix
dest-address/dest
-prefix
counting
|
destination
: Specifies one of the following values:
keyword specifies all protocols.
ipv6
Function
Specifies a source IPv6
|
address.
any
|
}
Specifies a destination
|
IPv6 address.
any
|
}
Enables rule match
counting in software.
{
dest-address
Description
source-address
The
an IPv6 source address.
source-prefix
The
prefix length in the range of 1 to 128.
any
The
keyword represents any IPv6 source
address.
dest-address
The
destination IPv6 address.
dest
prefix
The
-
length in the range of 1 to 128.
any
The
keyword represents any IPv6
destination address.
counting
The
counting specific to rules, and the
hardware-count
packet-filter
14
dest-prefix
protocol
argument specifies
argument specifies a
argument specifies a
argument specifies a prefix
keyword enables match
keyword in the
command enables match
|
Advertisement
Chapters
Table of Contents
