Permit, deny (extended ipv6 acl) – Asante Technologies 40240/40480-10G User Manual

e.g., in a hop-by-hop option. A flow is uniquely identified by the combination
of a source address and a non-zero flow label. Packets that do not belong to
a flow carry a flow label of zero.

Hosts or routers that do not support the functions specified by the flow label
must set the field to zero when originating a packet, pass the field on
unchanged when forwarding a packet, and ignore the field when receiving a
packet.

•

Optional internet-layer information is encoded in separate headers that may

be placed between the IPv6 header and the upper-layer header in a packet.
There are a small number of such extension headers, each identified by a
distinct Next Header value. IPv6 supports the values defined for the IPv4
Protocol field in RFC 1700, including these commonly used headers:

0 : Hop-by-Hop Options

(RFC 2460)

6 : TCP Upper-layer Header

(RFC 1700)

17 : UDP Upper-layer Header

(RFC 1700)

43 : Routing

(RFC 2460)

44 : Fragment

(RFC 2460)

51 : Authentication

(RFC 2402)

50 : Encapsulating Security Payload

(RFC 2406)

60 : Destination Options

(RFC 2460)

Example

This example accepts any incoming packets if the destination address is
2009:DB9:2229::79/48.

Console(config-ext-ipv6-acl)#permit 2009:DB9:2229::79/48

Console(config-ext-ipv6-acl)#

This allows packets to any destination address when the DSCP value is 5.

Console(config-ext-ipv6-acl)#permit any dscp 5

Console(config-ext-ipv6-acl)#

This allows any packets sent to the destination 2009:DB9:2229::79/48 when the flow
label is 43.”

Console(config-ext-ipv6-acl)#permit 2009:DB9:2229::79/48 flow-label 43

Console(config-ext-ipv6-acl)#

Related Commands

access-list ipv6 (26-7)

26-10

Access Control List Commands

26