ADTRAN AOS Version R10.1.0 Command Reference Manual page 3189

Command Reference Guide
permit <source>
Use the permit command to configure the Internet Protocol version 6 (IPv6) standard access control list
(ACL) to permit specified packets entry into the routing system. Use the no form of this command to
remove the permit permission from the ACL.
Syntax Description
<source>
Default Values
By default, all AOS IPv6 security features are disabled, and there are no configured IPv6 ACLs.
Command History
Release 18.1
Functional Notes
IPv6 ACLs are used as packet selectors by different AOS features (firewall, virtual private network (VPN),
quality of service (QoS)); by themselves they do nothing. IPv6 ACLs are composed of an ordered list of
entries with an implicit deny all at the end of each list. An IPv6 ACL entry contains two parts: an action
(permit or deny) and a packet pattern. A permit ACL is used to match packets (meeting the specified
pattern) and allow them to enter the router system or specify that the feature using the ACL should apply
its action to this traffic. A deny ACL advances AOS to the next ACP entry, discards the traffic, or specifies
that the feature using the ACL should not apply its action to this traffic. AOS provides two types of IPv6
ACLs: standard and extended. Standard IPv6 ACLs match based on the source of the packet. Extended
IPv6 ACLs match based on the source and destination of the packet.
ACLs are performed in order from the top of the list down. Generally, the most specific entries should be at
the top and the more general at the bottom.
60000CRG0-35E
Specifies the source used for IPv6 packet matching. Sources can be expressed
in one of three ways:
1. Using the keyword any to match any IPv6 address.
2. Using host <ipv6 address> to specify a single host address. IPv6
addresses should be expressed in colon hexadecimal format (X:X:X:X::X).
For example, 2001:DB8:1::1.
3. Using <ipv6 prefix/prefix-length> to specify a source address to match. IPv6
prefixes should be expressed in colon hexadecimal format (X:X::X/<Z>).
For example, 2001:DB8:3F::/64. The prefix length (<Z>) is an integer with a
value between 0 and 128.
Command was introduced.
Copyright © 2012 ADTRAN, Inc.
IPv6 Access Control List Command Set
3189