Permit, deny (extended ipv6 acl) – LevelOne GTL-2690 User Manual


IPv6 ACLs


permit, deny (Extended IPv6 ACL)

This command adds a rule to an Extended IPv6 ACL. The rule sets a filter condition
for packets with specific destination IP addresses, next header type, or flow label.
Use the no form to remove a rule.

Syntax

[no] {permit | deny} {any | destination-ipv6-address[/prefix-length]}
[next-header next-header] [dscp dscp] [flow-label flow-label]

any – Keyword indicating any IPv6 destination address (an abbreviation for
the IPv6 prefix ::/0).

destination-ipv6-address - An IPv6 destination address. The address must
be formatted according to RFC 2373 “IPv6 Addressing Architecture,” using
8 colon-separated 16-bit hexadecimal values. One double colon may be
used in the address to indicate the appropriate number of zeros required to
fill the undefined fields. (The switch only checks the first 64 bits of the
destination address.)

prefix-length - A decimal value indicating how many contiguous bits (from
the left) of the address comprise the prefix (i.e., the network portion of the
address).

dscp – DSCP priority level. (Range: 0-63)

flow-label – A label for packets belonging to a particular traffic “flow” for
which the sender requests special handling by IPv6 routers, such as
non-default quality of service or “real-time” service (see RFC 2460).
(Range: 0-16777215)

next-header – Identifies the type of header immediately following the IPv6
header. (Range: 0-255)
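
The following Python linter is an added example, not part of the LevelOne manual. It parses rule lines in the syntax above, checks the documented option ranges, and flags rules whose prefix is longer than the 64 bits the switch compares. It assumes that such a rule matches every address sharing its first 64 bits and that an address written without a prefix length denotes a single host; the sample rules are constructed.

```python
import ipaddress

# Option ranges from the command syntax on this page.
RANGES = {"next-header": (0, 255), "dscp": (0, 63), "flow-label": (0, 16777215)}
CHECKED_BITS = 64  # per the page, only the first 64 destination bits are checked

def parse_rule(line):
    """Parse '{permit|deny} {any|addr[/len]} [option value]...' into a dict."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] not in ("permit", "deny"):
        raise ValueError(f"not a permit/deny rule: {line!r}")
    dest = "::/0" if tokens[1] == "any" else tokens[1]
    # Assumption: an address without /prefix-length means a single host (/128).
    net = ipaddress.IPv6Network(dest, strict=False)
    rest, opts = tokens[2:], {}
    if len(rest) % 2:
        raise ValueError(f"option without a value: {line!r}")
    for key, val in zip(rest[::2], rest[1::2]):
        if key not in RANGES:
            raise ValueError(f"unknown option {key!r}")
        lo, hi = RANGES[key]
        if not val.isdigit() or not lo <= int(val) <= hi:
            raise ValueError(f"{key} {val!r} outside {lo}-{hi}")
        opts[key] = int(val)
    return {"action": tokens[0], "net": net, "opts": opts}

def effective_net(net):
    """Assumed model: the range matched when only 64 bits are compared."""
    if net.prefixlen <= CHECKED_BITS:
        return net
    return net.supernet(new_prefix=CHECKED_BITS)

def audit(lines):
    """Return (rule, written, effective) for each rule wider than written."""
    findings = []
    for line in lines:
        net = parse_rule(line)["net"]
        if effective_net(net) != net:
            findings.append((line, str(net), str(effective_net(net))))
    return findings

# Constructed sample rules using the 2001:db8::/32 documentation prefix.
SAMPLE = [
    "permit 2001:db8:0:1::10/128 next-header 6",
    "deny 2001:db8:0:2::/64 dscp 46",
    "permit any flow-label 0",
]

if __name__ == "__main__":
    for rule, written, effective in audit(SAMPLE):
        print(f"{rule!r}: written {written}, matches {effective}")
```

Under the stated assumption, a host-specific permit in the sample is reported as covering its whole /64, which is the case to review before relying on per-host rules.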

Default Setting

None

Command Mode

Extended IPv6 ACL

Command Usage

• All new rules are appended to the end of the list.
• A flow label is assigned to a flow by the flow's source node. New flow labels
must be chosen pseudo-randomly and uniformly from the range 1 to FFFFF
hexadecimal. The purpose of the random allocation is to make any set of bits
within the Flow Label field suitable for use as a hash key by routers, for looking
up the state associated with the flow.
A flow identifies a sequence of packets sent from a particular source to a
particular (unicast or multicast) destination for which the source desires
special handling by the intervening routers. The nature of that special handling
might be conveyed to the routers by a control protocol, such as a resource
reservation protocol, or by information within the flow's packets themselves,
