24 permit | deny(ipv6 standard) – Accton Technology ES4626 User Manual
Page 771
771
<dIPv6Addr>}} [<icmp-type> [<icmp-code>]] [dscp <dscp>] [flow-label <fl>]
[no] {deny | permit} tcp {<sIPv6Prefix/sPrefixlen> | any | {host <sIPv6Addr>}}
[s-port <sPort>] {<dIPv6Prefix/dPrefixlen> | any-destination | {host-destination
<dIPv6Addr>}} [d-port <dPort>] [syn | ack | urg | rst | fin | psh] [dscp <dscp>]
[flow-label <fl>]
[no] {deny | permit} udp {<sIPv6Prefix/sPrefixlen> | any | {host <sIPv6Addr>}}
[s-port <sPort>] {<dIPv6Prefix/dPrefixlen> | any-destination | {host-destination
<dIPv6Addr>}} [d-port <dPort>] [dscp <dscp>] [flow-label <fl>]
[no] {deny | permit} <proto> {<sIPv6Prefix/sPrefixlen> | any | {host
<sIPv6Addr>}} {<dIPv6Prefix/dPrefixlen> | any-destination | {host-destination
<dIPv6Addr>}} [dscp <dscp>] [flow-label <fl>]
Function:
Create an extended nomenclature IPv6 access control rule for specific IPv6
protocol.
Parameter:<sIPv6Addr>
is the source IPv6 address;<sPrefixlen> is the length of the
IPv6 address prefix,the range is 1 ~ 128;<dIPv6Addr> is the destination IPv6
address;<dPrefixlen> is the length of the IPv6 address prefix,the range is 1 ~
128;<igmp-type>,type of the igmp;<icmp-type>,icmp type;<icmp-code>,icmp protocol
number;<dscp>,IPv6 priority ,the range is 0~63;<fl>,value of the flow label,the range
is 0 ~ 1048575;syn,ack,urg,rst,fin,psh,tcp label position;<sPort>,source port
number,the range is 0~65535;<dPort>,destination port number, the range is 0~
65535;
Command Mode:
IPv6 nomenclature extended access control list mode
Default:
No access control list configured
Example:
Create an extended access control list named udpFlow, denying the igmp
packets while allowing udp packets with destination address 2001:1:2:3::1 and
destination port 32.
Switch(Config)#ipv6 access-list extended udpFlow
Switch(Config-Ext-Nacl-udpFlow)#ipv6 access-list 110 deny igmp any any-destination
Switch(Config-Ext-Nacl-udpFlow)#ipv6 access-list 110 permit udp any host-destination
2001:1:2:3::1 dPort 32
18.2.2.24 permit | deny(ipv6 standard)
Command: [no] {deny | permit} {{<sIPv6Prefix/sPrefixlen>} | any | {host
<sIPv6Addr>}}
Function:
Create a standard nomenclature IPv6 access control rule; the “no” form of this
command deletes the nomenclature standard IPv6 access control rule.
Parameter:<sIPv6Prefix>
is the prefix of the source IPv6 address,<sPrefixlen> is the