IPv6 Access Control Lists (ACLs), IPv6 ACLs, Chapter 48 – Brocade BigIron RX Series Configuration Guide User Manual


BigIron RX Series Configuration Guide


53-1002484-04

Chapter 48

IPv6 Access Control Lists (ACLs)

In this chapter

IPv6 ACLs

Using IPv6 ACLs as input to other features

Configuring an IPv6 ACL

Applying an IPv6 ACL to an interface

Adding TCP flags to an IPv6 ACL entry

Adding a comment to an IPv6 ACL entry

Displaying ACLs

IPv6 ACLs

Brocade supports IPv6 Access Control Lists (ACLs), which you can use for traffic filtering. You can
configure up to 100 IPv6 ACLs.

An IPv6 ACL is composed of one or more conditional statements that specify an action (permit or
deny) to take if a packet matches a specified source or destination prefix. There can be up to 1024
statements per device.

In ACLs with multiple statements, you can specify a priority for each statement. The specified
priority determines the order in which the statement appears in the ACL. The last statement in each
IPv6 ACL is an implicit deny statement for all packets that do not match the previous statements in
the ACL.

You can configure an IPv6 ACL on a global basis, then apply it to the incoming IPv6 packets on
specified interfaces. You can apply only one IPv6 ACL to an interface’s incoming traffic. When an
interface sends or receives an IPv6 packet, it applies the statements within the ACL in their order of
appearance to the packet. As soon as a match occurs, the BigIron RX takes the specified action
(permit or deny the packet) and stops further comparison for that packet. Both IPv4 and IPv6 ACLs
can coexist on the same interface.
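
The first-match evaluation and implicit deny described above, modeled in Python as an added example (not Brocade code or CLI syntax). It assumes a lower priority number is evaluated first, matches only on source and destination prefix, and uses constructed statements from the 2001:db8::/32 documentation range; it also flags statements that can never match because an earlier one covers them.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Statement:
    priority: int   # position in the ACL; lower is evaluated first (assumption)
    action: str     # "permit" or "deny"
    src: str        # source IPv6 prefix
    dst: str        # destination IPv6 prefix

    def matches(self, src_addr, dst_addr):
        return (ipaddress.ip_address(src_addr) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_addr) in ipaddress.ip_network(self.dst))

    def covers(self, other):
        """True if every packet matching `other` also matches this statement."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst)))

def ordered(acl):
    return sorted(acl, key=lambda s: s.priority)

def evaluate(acl, src_addr, dst_addr):
    """First match wins; a packet matching no statement hits the implicit deny."""
    for stmt in ordered(acl):
        if stmt.matches(src_addr, dst_addr):
            return stmt.action, stmt.priority
    return "deny", None  # implicit deny at the end of every IPv6 ACL

def shadowed(acl):
    """(later, earlier) priority pairs where `later` can never be reached."""
    stmts, found = ordered(acl), []
    for i, later in enumerate(stmts):
        earlier = next((e for e in stmts[:i] if e.covers(later)), None)
        if earlier is not None:
            found.append((later.priority, earlier.priority))
    return found

# Constructed sample ACL (documentation prefixes only).
ACL = [
    Statement(30, "permit", "2001:db8:2::/48", "2001:db8:ffff::/48"),
    Statement(10, "permit", "2001:db8:1::/48", "2001:db8:ffff::/48"),
    Statement(20, "deny",   "2001:db8::/32",   "::/0"),
]

if __name__ == "__main__":
    print(evaluate(ACL, "2001:db8:1::5", "2001:db8:ffff::1"))
    print(evaluate(ACL, "2001:db8:2::5", "2001:db8:ffff::1"))
    print(evaluate(ACL, "2001:db9::1", "2001:db8:ffff::1"))
    print(shadowed(ACL))
```

The permit at priority 30 is unreachable because the broader deny at priority 20 matches first, which is the kind of ordering mistake worth checking for before an ACL is applied to an interface.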

NOTE

IPv6 ACLs are supported on inbound traffic and are implemented in hardware, making it possible
for the BigIron RX to filter traffic at line-rate speed on 10 Gigabit interfaces.

Brocade’s IPv6 ACLs enable traffic filtering based on the following information:

IPv6 protocol

Source IPv6 address

Destination IPv6 address

IPv6 message type

Source TCP or UDP port (if the IPv6 protocol is TCP or UDP)
