Table of Contents
Advertisement
Command Reference Guide
Functional Notes
IPv6 ACLs are used as packet selectors by different AOS features (firewall, virtual private network (VPN),
quality of service (QoS)); by themselves they do nothing. IPv6 ACLs are composed of an ordered list of
entries with an implicit deny all at the end of each list. An IPv6 ACL entry contains two parts: an action
(permit or deny) and a packet pattern. A permit ACL is used to match packets (meeting the specified
pattern) and allow them to enter the router system or specify that the feature using the ACL should apply
its action to this traffic. A deny ACL advances AOS to the next ACP entry, discards the traffic, or specifies
that the feature using the ACL should not apply its action to this traffic. AOS provides two types of IPv6
ACLs: standard and extended. Standard IPv6 ACLs match based on the source of the packet. Extended
IPv6 ACLs match based on the source and destination of the packet.
ACLs are performed in order from the top of the list down. Generally, the most specific entries should be at
the top and the more general at the bottom.
Usage Examples
The following example creates an entry in the Untrustedv6 IPv6 ACL that permits IPv6 traffic matching
source IPv6 prefix 2001:DB8:3F::/64 and any destination IPv6 address:
(config)#ipv6 access-list extended Untrustedv6
(config-ext6-nacl)#permit ipv6 2001:DB8:3F::/64 any
60000CRG0-35E
Copyright © 2012 ADTRAN, Inc.
IPv6 Access Control List Command Set
3177
Advertisement
Table of Contents
