Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


53-1003035-02

Configuring an IPv6 ACL


NOTE

Refer to “Configuration considerations for IPv6 ACL and multicast traffic for 2X100GE modules installed on NetIron MLX and NetIron XMR devices” regarding 2x100 GE IPv6 ACL rule exceptions for multicast traffic.

TABLE 26   Syntax descriptions

IPv6 ACL arguments        Description

ipv6 access-list ACL name

Enables the IPv6 configuration level and defines the name of the
IPv6 ACL. The ACL name can contain up to 199 characters and
numbers, but cannot begin with a number and cannot contain any
spaces or quotation marks. The string "test" is reserved and
cannot be used to create a named standard or extended ACL.

sequence num

The sequence parameter specifies where the conditional statement
is to be added in the access list. You can add a conditional
statement at a particular place in an access list by specifying the
entry number using the sequence keyword. The range is from 1 through
214748364. If the sequence num option is not specified, a default
sequence number is applied to the clause. The default value is 10
plus the sequence number of the last ACL filter rule provisioned in
the ACL table. The default value for the first clause in an IPv6 ACL
table is “10”.

permit

The ACL will permit (forward) packets that match a policy in the
access list.

deny

The ACL will deny (drop) packets that match a policy in the access
list.

protocol

The type of IPv6 packet you are filtering. You can specify a
well-known name for some protocols whose number is less than
255. For other protocols, you must enter the number. Enter “?”
instead of a protocol to list the well-known names recognized by the
CLI. IPv6 protocols include:
AHP – Authentication Header
ESP – Encapsulating Security Payload
IPv6 – Internet Protocol version 6
SCTP – Stream Control Transmission Protocol

ipv6-source-prefix/prefix-length

The ipv6-source-prefix/prefix-length parameter specifies a source
prefix and prefix length that a packet must match for the specified
action (deny or permit) to occur. You must specify the
ipv6-source-prefix parameter in hexadecimal using 16-bit values
between colons as documented in RFC 2373. You must specify the
prefix-length parameter as a decimal value. A slash mark (/) must
follow the ipv6-prefix parameter and precede the prefix-length
parameter.

ipv6-destination-prefix/prefix-length

The ipv6-destination-prefix/prefix-length parameter specifies a
destination prefix and prefix length that a packet must match for the
specified action (deny or permit) to occur. You must specify the
ipv6-destination-prefix parameter in hexadecimal using 16-bit values
between colons as documented in RFC 2373. You must specify the
prefix-length parameter as a decimal value. A slash mark (/) must
follow the ipv6-prefix parameter and precede the prefix-length
parameter.
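
The following Python sketch is an added example, not part of the Brocade guide or any Brocade tool. It checks planned IPv6 ACL values against the name, sequence and prefix rules in Table 26 before a change is pushed to a device. The function names are hypothetical, and two readings of the table are assumptions: the reserved string "test" is matched exactly, and the "last ACL filter rule" is taken to be the highest sequence number already in the ACL.

```python
import ipaddress

MAX_NAME_LEN = 199                   # limit stated in the table
SEQ_MIN, SEQ_MAX = 1, 214748364      # range exactly as printed in the table
RESERVED_NAMES = {"test"}            # reserved string named in the table
DEFAULT_STEP = 10                    # first clause gets 10, then last + 10


def check_acl_name(name):
    """Return the naming rules an IPv6 ACL name breaks (empty list = valid)."""
    problems = []
    if not name or len(name) > MAX_NAME_LEN:
        problems.append("length must be 1..%d" % MAX_NAME_LEN)
    if name[:1].isdigit():
        problems.append("begins with a number")
    if any(c.isspace() or c in "\"'" for c in name):
        problems.append("contains a space or quotation mark")
    if name in RESERVED_NAMES:       # assumption: exact, case-sensitive match
        problems.append("reserved string")
    return problems


def assign_sequences(requested):
    """Resolve sequence numbers for clauses listed in entry order.

    None means the sequence keyword was omitted. Assumption: the "last rule"
    is the highest sequence number already in the ACL.
    """
    assigned = []
    for num in requested:
        if num is None:
            num = max(assigned) + DEFAULT_STEP if assigned else DEFAULT_STEP
        if not SEQ_MIN <= num <= SEQ_MAX:
            raise ValueError("sequence %d outside %d..%d" % (num, SEQ_MIN, SEQ_MAX))
        assigned.append(num)
    return assigned


def check_prefix(text):
    """Parse ipv6-prefix/prefix-length; the slash and decimal length are required."""
    addr, slash, length = text.partition("/")
    if not slash or not (length.isascii() and length.isdigit()):
        raise ValueError("expected <ipv6-prefix>/<decimal prefix-length>")
    if "%" in addr:                  # table allows only hex groups and colons
        raise ValueError("zone identifiers are not part of a prefix")
    # strict=False: the table does not say whether host bits must be zero
    return ipaddress.IPv6Network((addr, int(length)), strict=False)
```
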
