Table of Contents
Advertisement
Command Reference Guide
deny [tcp | udp] <source> <source port> <destination> <destination port>
<tcp flags>
Use the deny [tcp | udp] command to configure the extended Internet Protocol version 6 (IPv6) access
control list (ACL) to deny specified Transmission Control Protocol (TCP) or User Datagram Protocol
(UDP) packets entry into the routing system. This command provides traffic matching based on the IPv6
header field and the upper layer protocol flags (TCP or UDP). Use the no form of this command to remove
the deny parameter from the IPv6 ACL. Variations of this command include:
deny tcp <source> <destination>
deny tcp <source> <source port> <destination>
deny tcp <source> <source port> <destination> <destination port>
deny tcp <source> <source port> <destination> <destination port> <tcp flags>
deny udp <source> <destination>
deny udp <source> <source port> <destination>
deny udp <source> <source port> <destination> <destination port>
Syntax Description
tcp
udp
<source>
<source port>
60000CRG0-35E
Specifies the IPv6 data protocol as TCP, indicating that TCP upper-layer
protocol headers and fields are used for matching in this ACL entry.
Specifies the IPv6 data protocol as UDP, indicating that UDP upper-layer
protocol headers and fields are used for matching in this ACL entry.
Specifies the source used for IPv6 packet matching. Sources can be expressed
in one of three ways:
1. Using the keyword any to match any IPv6 address.
2. Using host <ipv6 address> to specify a single host address. IPv6
addresses should be expressed in colon hexadecimal format (X:X:X:X::X).
For example, 2001:DB8:1::1.
3. Using <ipv6 prefix/prefix-length> to specify a source address to match. IPv6
prefixes should be expressed in colon hexadecimal format (X:X::X/<Z>).
For example, 2001:DB8:3F::/64. The prefix length (<Z>) is an integer with a
value between 0 and 128.
Optional. Specifies that traffic comparison is conducted on the source port for
the associated protocol (TCP or UDP). When you specify a source port, you
must enter a port operator and a port number or name. The following keywords
and port numbers/names are supported for the <source port> field:
any
eq <port number/name>
gt <port number/name>
lt <port number/name>
Copyright © 2012 ADTRAN, Inc.
IPv6 Access Control List Command Set
Matches any destination port.
Matches only packets equal to specified port
number.
Matches only packets with a port number
greater than the specified port number.
Matches only packets with a port number
less than the specified port number.
3168
- Quick Links:
- Basic Mode Command Set
Hide quick links:
Advertisement
Table of Contents
