IPv6 Access Control Lists, IPv6 ACL Overview, Chapter 3 – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual


Brocade Virtual ADX Security Guide    49    53-1003250-01

Chapter 3: IPv6 Access Control Lists

IPv6 ACL overview

Brocade Virtual ADX supports IPv6 access control lists (ACLs). The maximum number of ACL entries
you can configure is a system-wide parameter and depends on the device you are configuring. You
can configure up to the maximum of 1024 entries in any combination across different ACLs; the
total number of entries in all ACLs cannot exceed the system maximum of 1024.

An IPv6 ACL is composed of one or more conditional statements that specify an action (permit or
deny) to take if a packet matches a specified source or destination prefix. There can be up to 1024
IPv6 ACL statements per device. When the maximum number of IPv6 ACL rules is reached, the
following error message is displayed on the console:

IPv6 ACL rules cannot be configured,exceeds the maximum limit of 1024 entries

Insufficient resource for binding the ACL scale1 to interface Port or Slot/Port.

In ACLs with multiple statements, you can specify a priority for each statement. The specified
priority determines the order in which the statement appears in the ACL. The last statement in each
IPv6 ACL is an implicit deny statement for all packets that do not match the previous statements in
the ACL.

You can configure an IPv6 ACL on a global basis, then apply it to the incoming IPv6 packets on
specified interfaces. You can apply only one IPv6 ACL to an interface's incoming traffic. When an
interface receives an IPv6 packet, it applies the statements within the ACL to the packet in their
order of appearance. As soon as a match occurs, the Brocade Virtual ADX takes the specified
action (permit or deny the packet) and stops further comparison for that packet.

Brocade’s IPv6 ACLs enable traffic filtering based on the following information:

IPv6 protocol

Source IPv6 address

Destination IPv6 address

Source TCP or UDP port (if the IPv6 protocol is TCP or UDP)

Destination TCP or UDP port (if the IPv6 protocol is TCP or UDP)

The IPv6 protocol can be one of the following well-known names or any IPv6 protocol number from
0–255:

Authentication Header (AHP)

Encapsulating Security Payload (ESP)

Internet Control Message Protocol (ICMP)

Internet Protocol Version 6 (IPv6)

Stream Control Transmission Protocol (SCTP)

Transmission Control Protocol (TCP)

User Datagram Protocol (UDP)
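As an added example (not code from the Brocade guide or the Virtual ADX itself), the following Python simulates the IPv6 ACL semantics described in this section: statements ordered by priority, the first match ending the comparison, the implicit deny at the end of every ACL, the system-wide 1024-entry cap, and matching on protocol, source and destination prefix, and TCP/UDP ports. The IANA numbers used for the well-known protocol names, the dictionary packet representation, and the sample rules and packets are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass
MAX_ENTRIES = 1024  # system-wide limit stated in the guide
PROTO_NAMES = {"ahp": 51, "esp": 50, "icmp": 58, "ipv6": 41, "sctp": 132, "tcp": 6, "udp": 17}  # assumed IANA numbers

@dataclass
class Rule:
    priority: int      # lower value appears earlier in the ACL
    action: str        # "permit" or "deny"
    protocol: str      # keyword from PROTO_NAMES, decimal 0-255, or "any"
    src: str           # IPv6 prefix; "::/0" matches any address
    dst: str
    sport: int = None  # ports are compared only when the packet is TCP or UDP
    dport: int = None

def matches(rule, pkt):
    p = rule.protocol
    want = None if p == "any" else (int(p) if p.isdigit() else PROTO_NAMES[p.lower()])
    if want is not None and want != pkt["proto"]:
        return False
    for addr, prefix in ((pkt["src"], rule.src), (pkt["dst"], rule.dst)):
        if ipaddress.ip_address(addr) not in ipaddress.ip_network(prefix, strict=False):
            return False
    if pkt["proto"] in (6, 17) and (rule.sport not in (None, pkt.get("sport"))
                                   or rule.dport not in (None, pkt.get("dport"))):
        return False
    return True

class Device:  # all IPv6 ACLs on one box; the 1024-entry cap spans every ACL on it
    def __init__(self):
        self.acls, self.total = {}, 0
    def add_rule(self, acl, rule):
        if self.total >= MAX_ENTRIES:
            raise ValueError("IPv6 ACL rules cannot be configured, exceeds the maximum limit of 1024 entries")
        self.acls.setdefault(acl, []).append(rule)
        self.acls[acl].sort(key=lambda r: r.priority)  # priority fixes the order of appearance
        self.total += 1
    def evaluate(self, acl, pkt):  # order of appearance, first match wins, otherwise implicit deny
        return next((r.action for r in self.acls.get(acl, []) if matches(r, pkt)), "deny")

def demo():  # constructed sample ACL and packets, not taken from the guide
    dev = Device()
    dev.add_rule("web", Rule(20, "deny", "tcp", "2001:db8:1::/48", "::/0"))
    dev.add_rule("web", Rule(10, "permit", "tcp", "2001:db8:1::/48", "2001:db8:2::/48", dport=443))
    dev.add_rule("web", Rule(30, "permit", "icmp", "::/0", "::/0"))
    pkts = [{"proto": 6, "src": "2001:db8:1::10", "dst": "2001:db8:2::1", "sport": 50000, "dport": 443},
            {"proto": 6, "src": "2001:db8:1::10", "dst": "2001:db8:2::1", "sport": 50000, "dport": 22},
            {"proto": 58, "src": "2001:db8:9::1", "dst": "2001:db8:2::1"}]
    return [dev.evaluate("web", p) for p in pkts]
```

Note that the priority-10 permit is added after the priority-20 deny yet is evaluated first, which is why the HTTPS packet is permitted while the SSH packet from the same source falls through to the deny.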
