Table of Contents
Advertisement
Command Reference Guide
Functional Notes
IPv6 ACLs are used as packet selectors by different AOS features (firewall, virtual private network (VPN),
quality of service (QoS)); by themselves they do nothing. IPv6 ACLs are composed of an ordered list of
entries with an implicit deny all at the end of each list. An IPv6 ACL entry contains two parts: an action
(permit or deny) and a packet pattern. A permit ACL is used to match packets (meeting the specified
pattern) and allow them to enter the router system or specify that the feature using the ACL should apply
its action to this traffic. A deny ACL advances AOS to the next ACP entry, discards the traffic, or specifies
that the feature using the ACL should not apply its action to this traffic. AOS provides two types of IPv6
ACLs: standard and extended. Standard IPv6 ACLs match based on the source of the packet. Extended
IPv6 ACLs match based on the source and destination of the packet.
ACLs are performed in order from the top of the list down. Generally, the most specific entries should be at
the top and the more general at the bottom.
Usage Examples
The following example creates an extended IPv6 ACL named Untrustedv6 that permits any IPv6 traffic
from a source with the same prefix bits as 2001:DB8:3F::/64, headed to a destination of
2001:DB8:85A3::8A2E:0370:7334, and an ICMPv6 message type of echo-request:
(config)#ipv6 access-list extended Untrustedv6
(config-ext6-nacl)#permit icmpv6 2001:DB8:3F::/64 2001:DB8:85A3::8A2E:0370:7334 echo-request
60000CRG0-35E
Copyright © 2012 ADTRAN, Inc.
IPv6 Access Control List Command Set
3185
Advertisement
Table of Contents
