4 ipv6 traffic-filter – Fortinet 548B User Manual

- 400 -

specified. The source and destination IPv6

address fields may be specified using the keyword ‘any’ to

indicate a match on any value in that field. The remaining command parameters are all optional, but the
most frequently used parameters appear in the same relative order as shown in the command format.

The assign-queue parameter allows specification of a particular hardware queue for handling traffic that
matches this rule. The allowed <queue-id> value is 0-(n-1), where n is the number of user configurable
queues available for the hardware platform. The assign-queue parameter is valid only for a permit rule.

The mirror parameter allows the traffic matching this rule to be copied to the specified <slot/port>, while
the redirect parameter allows the traffic matching this rule to be forwarded to the specified <slot/port>.
The assign-queue and redirect parameters are only valid for a permit rule.

Syntax

{del-rule-id | deny | permit} {every | {{icmpv6 | ipv6 | tcp | udp | <number>} [log] [assign-queue
<queue-id>] [{mirror | redirect} <slot/port>] [rule-id]

Default Setting

None

Command Mode

IPv6-Access-List Config

7.23.2.4 ipv6 traffic-filter

This command either attaches a specific IPv6 ACL identified by <name> to an interface or associates
with a VLAN ID in a given direction. The <name> parameter must be the name of an existing IPv6 ACL.

An optional sequence number may be specified to indicate the order of this mac access list relative to
other IPv6 access lists already assigned to this interface and direction. A lower number indicates higher
precedence order. If a sequence number

is already in use for this interface and direction, the specifiedIPv6 access list replaces the currently
attached IPv6 access list using that sequence number. If the sequence number is not specified for this
command, a sequence number that is one greater than the highest sequence number currently in use for
this interface and direction is used.

This command specified in Interface Config mode only affects a single interface, whereas the Global
Config mode setting is applied to all interfaces. The vlan keyword is only valid in the Global Config mode.
The Interface Config mode command is only available on platforms that support independent per-port
class of service queue configuration.

Syntax

ipv6 traffic-filter <name> [vlan <vlan-id>] in [<1-4294967295>]
no ipv6 traffic-filter <name> [vlan <vlan-id>] in [<1-4294967295>]

no - This command removes an IPv6 ACL identified by <name> from the interface(s) in a given
direction