Acl Syntax - Dell PowerConnect B-RX Configuration Manual
Bigiron rx series supporting multi-service ironware v02.7.03
Hide thumbs
Also See for PowerConnect B-RX:
- Configuration manual (1458 pages) ,
- Getting started manual (32 pages) ,
- Installation manual (240 pages)
Table of Contents
Advertisement
Furthermore, if you add the statement deny icmp any any in the access list, then all neighbor
discovery messages will be denied. You must explicitly enter the permit icmp any any nd-na and
permit icmp any any nd-ns statements just before the deny icmp statement if you want the ACLs to
permit neighbor discovery as in the example below.
BigIron RX(config)# ipv6 access-list netw
BigIron RX(config-ipv6-access-list-netw)# permit icmp 2000:2383:e0bb::/64
2001:3782::/64
BigIron RX(config-ipv6-access-list-netw)# permit icmp any any nd-na
BigIron RX(config-ipv6-access-list-netw)# permit icmp any any nd-ns
BigIron RX(config-ipv6-access-list-netw)# deny icmp any any
BigIron RX(config-ipv6-access-list-netw)# permit ipv6 any any
ACL syntax
NOTES:
When creating ACLs, use the appropriate syntax below for the protocol you are filtering.
For IPv6 and supported protocols other than ICMP, TCP, or UDP
Syntax: [no] ipv6 access-list <acl name>
Syntax: permit | deny <protocol>
For ICMP
Syntax: [no] ipv6 access-list <acl name>
Syntax: permit | deny icmp <ipv6-source-prefix/prefix-length> | any | host
BigIron RX Series Configuration Guide
53-1001986-01
The following features are not supported:
•
ipv6-operator flow-label
•
ipv6-operator fragments when any protocol is specified. The option "fragments" can be
specified only when "permit/deny ipv6" is specified. If you specify "tcp" or any other
protocol instead of "ipv6" the keyword, "fragments" cannot be used.
•
ipv6-operator routing when any protocol is specified. (Same limitation as for
ipv6-operator fragments)
<ipv6-source-prefix/prefix-length> | any | host <source-ipv6_address>
<ipv6-destination-prefix/prefix-length> | any | host <ipv6-destination-address>
[ipv6-operator [<value>]]
[802.1p-priority-matching <number>]
[dscp-marking <number> 802.1p-priority-marking <number> internal-priority-marking
<number>] | [dscp-marking <dscp-value> dscp-cos-mapping] | [dscp-cos-mapping]
<source-ipv6_address>
<ipv6-destination-prefix/prefix-length> | any | host <ipv6-destination-address>
[ipv6-operator [<value>]]
[ [<icmp-type>][<icmp-code>] ] | [<icmp-messge>]
[802.1p-priority-matching <number>]
[dscp-marking <number> 802.1p-priority-marking <number> internal-priority-marking
<number>]
[dscp-marking <dscp-value> dscp-cos-mapping]
[dscp-cos-mapping]
Configuring an IPv6 ACL
47
1181
Advertisement
Chapters
Table of Contents
