Deny (Ipv6-Acl Configuration) - Cisco AJ732A - MDS 9134 Fabric Switch Command Reference Manual

Cisco MDS 9000 Family Command Reference Guide - Release 4.x (OL-18089-01, February 2009)
deny (IPv6-ACL configuration)

Send documentation comments to mdsfeedback-doc@cisco.com
dest-port-operator    Specifies an operand that compares the destination ports of the specified protocol. The operands are lt (less than), gt (greater than), and eq (equals).
dest-port-operator    Specifies the port number of a TCP or UDP port. The number can be from 0 to 65535. A range requires two port numbers.
range                 Specifies a range of ports to compare for the specified protocol.
established           (Optional) Indicates an established connection, which is defined as a packet whose SYN flag is not set.

Defaults
None.

Command Modes
IPv6-ACL configuration submode.

Command History
Release    Modification
3.0(1)     This command was introduced.

Usage Guidelines
The following guidelines can assist you in configuring an IPv6-ACL. For complete information, refer to the Cisco MDS 9000 Family CLI Configuration Guide.

You can apply IPv6-ACLs to VSAN interfaces, the management interface, Gigabit Ethernet interfaces on IPS modules and MPS-14/2 modules, and Ethernet PortChannel interfaces. However, if IPv6-ACLs are already configured in a Gigabit Ethernet interface, you cannot add this interface to an Ethernet PortChannel group.

Use only the TCP or ICMP options when configuring IPv6-ACLs on Gigabit Ethernet interfaces.

Configure the order of conditions accurately. Because the IPv6-ACL filters are applied sequentially to the IP flows, the first match determines the action taken. Subsequent matches are not considered. Be sure to configure the most important condition first. If no conditions match, the software drops the packet.

Caution
Do not apply IPv6-ACLs to just one member of a PortChannel group. Apply IPv6-ACLs to the entire channel group.

Examples
The following example configures an IPv6-ACL called List1, enters IPv6-ACL submode, and adds an entry to deny TCP traffic from any source address to any destination address:
switch# config terminal
switch(config)# ipv6 access-list List1
switch(config-ipv6-acl)# deny tcp any any
The following example removes a deny condition set for any destination prefix on a specified UDP host:
switch# config terminal
switch(config)# ipv6 access-list List1
switch(config-ipv6-acl)# no deny udp host 2001:db8:200d::4000 any
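The ordering rule in the usage guidelines (first match decides, no match means drop) can be checked offline before a list is committed to a switch. The following Python model is an added example, not Cisco code or part of the original manual; the entry format, the function names, the permit action, and the inclusive range bounds are assumptions made for illustration.

```python
import ipaddress

def entry(action, proto, src, dst, port=None, established=False):
    """One ACL condition; 'any' is modelled as the prefix ::/0."""
    net = lambda p: ipaddress.ip_network("::/0" if p == "any" else p)
    return (action, proto, net(src), net(dst), port, established)

def port_ok(test, dport):
    """Apply a dest-port test such as ('eq', 22) or ('range', 20, 23)."""
    if test is None:
        return True
    op, *n = test
    if op == "lt":
        return dport < n[0]
    if op == "gt":
        return dport > n[0]
    if op == "eq":
        return dport == n[0]
    if op == "range":
        return n[0] <= dport <= n[1]   # assumption: bounds are inclusive
    raise ValueError(f"unknown operator {op!r}")

def evaluate(acl, pkt):
    """Return (action, index of the first matching entry, or None)."""
    for i, (action, proto, src, dst, port, est) in enumerate(acl):
        if (proto == pkt["proto"]
                and ipaddress.ip_address(pkt["src"]) in src
                and ipaddress.ip_address(pkt["dst"]) in dst
                and port_ok(port, pkt["dport"])
                and not (est and pkt["syn"])):   # established: SYN not set
            return action, i                     # first match decides
    return "deny", None                          # nothing matched: dropped

# Constructed sample entries and packets (not taken from a real switch).
HOST = "2001:db8:200d::4000"
DENY_HOST = entry("deny", "tcp", HOST + "/128", "any", ("range", 20, 23))
PERMIT_TCP = entry("permit", "tcp", "any", "any")
PERMIT_EST = entry("permit", "tcp", "any", "any", established=True)

def packet(proto, dport, syn, src=HOST, dst="2001:db8::1"):
    return {"proto": proto, "src": src, "dst": dst, "dport": dport, "syn": syn}

if __name__ == "__main__":
    ssh_syn = packet("tcp", 22, syn=True)
    print(evaluate([PERMIT_TCP, DENY_HOST], ssh_syn))   # broad entry first
    print(evaluate([DENY_HOST, PERMIT_TCP], ssh_syn))   # specific entry first
    print(evaluate([PERMIT_EST], ssh_syn))              # SYN set, no match
```

With the broad permit placed first, the host-specific deny is never reached; reversing the two entries is the only change needed for it to take effect.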
Chapter 5: D Commands (OL-18089-01, Cisco NX-OS Release 4.x)
