Cisco ME 3400 Software Configuration Manual page 867
Ethernet access switch
Hide thumbs
Also See for ME 3400:
- Command reference manual (950 pages) ,
- Hardware installation manual (88 pages) ,
- Getting started manual (33 pages)
Table of Contents
Advertisement
Chapter 37
Configuring IPv6 ACLs
Command
Step 3a
{deny | permit} protocol
{source-ipv6-prefix/prefix-length |
any | host source-ipv6-address}
[operator [port-number]]
{destination-ipv6-prefix/
prefix-length | any |
host destination-ipv6-address}
[operator [port-number]]
[dscp value] [fragments] [log]
[log-input] [routing] [sequence
value] [time-range name]
OL-9639-07
Purpose
Enter deny or permit to specify whether to deny or to permit the packet if
conditions are matched. These are the conditions:
•
For protocol, enter the name or number of an Internet protocol: ahp, esp,
icmp, ipv6, pcp, stcp, tcp, or udp, or an integer in the range 0 to 255
representing an IPv6 protocol number.
For additional specific parameters for ICMP, TCP, and UDP, see
Note
Steps 3b through 3d.
The source-ipv6-prefix/prefix-length or destination-ipv6-prefix/
•
prefix-length is the source or destination IPv6 network or class of networks
for which to set deny or permit conditions, specified in hexadecimal and
using 16-bit values between colons.
Enter any as an abbreviation for the IPv6 prefix ::/0.
•
For host source-ipv6-address or destination-ipv6-address, enter the source
•
or destination IPv6 host address for which to set deny or permit conditions,
specified in hexadecimal and using 16-bit values between colons.
•
(Optional) For operator, specify an operand that compares the source or
destination ports of the specified protocol. Operands are lt (less than), gt
(greater than), eq (equal), neq (not equal), and range.
If the operator follows the source-ipv6-prefix/prefix-length argument, it
must match the source port. If the operator follows the destination-ipv6-
prefix/prefix-length argument, it must match the destination port.
(Optional) The port-number is a decimal number from 0 to 65535 or the
•
name of a TCP or UDP port. You can use TCP port names only when
filtering TCP. You can use UDP port names only when filtering UDP.
(Optional) Enter dscp value to match a differentiated services code point
•
value against the traffic class value in the Traffic Class field of each IPv6
packet header. The acceptable range is from 0 to 63.
(Optional) Enter fragments to check noninitial fragments. This keyword is
•
visible only if the protocol is ipv6.
(Optional) Enter log to cause an logging message to be sent to the console
•
about the packet that matches the entry. Enter log-input to include the input
interface in the log entry. Logging is supported only for router ACLs.
(Optional) Enter routing to specify that IPv6 packets be routed.
•
(Optional) Enter sequence value to specify the sequence number for the
•
access list statement. The acceptable range is from 1 to 4294967295.
(Optional) Enter time-range name to specify the time range that applies to
•
the deny or permit statement.
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
Configuring IPv6 ACLs
37-5
- Quick Links:
- Performance Features
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
