Using ipv6 acls as input to other features, Configuring an ipv6 acl, Example configurations – Brocade BigIron RX Series Configuration Guide User Manual
Page 1366: Using ipv6 acls as input to other features 8, Configuring an ipv6 acl 8
1288
BigIron RX Series Configuration Guide
53-1002484-04
Using IPv6 ACLs as input to other features
48
•
Destination TCP or UDP port (if the IPv6 protocol is TCP or UDP)
The IPv6 protocol can be one of the following well-known names or any IPv6 protocol number from
0 – 255:
•
Authentication Header (AHP)
•
Encapsulating Security Payload (ESP)
•
Internet Control Message Protocol (ICMP)
•
Internet Protocol Version 6 (IPv6)
•
Stream Control Transmission Protocol (SCTP)
•
Transmission Control Protocol (TCP)
•
User Datagram Protocol (UDP)
For TCP and UDP, you also can specify a comparison operator and port name or number. For
example, you can configure a policy to block web access to a specific website by denying all TCP
port 80 (HTTP) packets from a specified source IPv6 address to the website’s IPv6 address.
IPv6 ACLs also provide support for filtering packets based on DSCP.
This chapter contains the following sections:
•
“Using IPv6 ACLs as input to other features”
•
•
“Applying an IPv6 ACL to an interface”
•
“Adding a comment to an IPv6 ACL entry”
•
Using IPv6 ACLs as input to other features
You can use an IPv6 ACL to provide input to other features such as route maps and distribution
lists. When you use an ACL this way, use permit statements in the ACL to specify the traffic that you
want to send to the other feature. If you use deny statements, the traffic specified by the deny
statements is not supplied to the other feature.
Configuring an IPv6 ACL
To configure an IPv6 ACL, you must do the following:
•
Create the ACL
•
Apply the ACL to an interface
Example configurations
To configure an access list that blocks all Telnet traffic received on port 1/1 from IPv6 host
2000:2382:e0bb::2, enter the following commands.