Brocade Communications Systems Brocade ICX 6650 User Manual


Brocade ICX 6650 Security Configuration Guide

53-1002601-01

Creating an IPv6 ACL

Table 18 lists the syntax elements.

TABLE 18 Syntax descriptions

IPv6 ACL arguments

Description

ipv6 access-list ACL-name

Enables the IPv6 configuration level and defines the name of the IPv6 ACL.
The ACL-name can contain up to 199 characters and numbers, but cannot
begin with a number and cannot contain any spaces or quotation marks.

permit

The ACL will permit (forward) packets that match a policy in the access list.

deny

The ACL will deny (drop) packets that match a policy in the access list.

icmp

Indicates that you are filtering ICMP packets.

protocol

The type of IPv6 packet you are filtering. You can specify a well-known name
for some protocols whose number is less than 255. For other protocols, you
must enter the number. Enter “?” instead of a protocol to list the well-known
names recognized by the CLI. IPv6 protocols include:
AHP – Authentication Header
ESP – Encapsulating Security Payload
IPv6 – Internet Protocol version 6
SCTP – Stream Control Transmission Protocol

ipv6-source-prefix/prefix-length

The ipv6-source-prefix/prefix-length parameter specifies a source prefix and
prefix length that a packet must match for the specified action (deny or
permit) to occur. You must specify the ipv6-source-prefix parameter in
hexadecimal using 16-bit values between colons as documented in RFC
2373. You must specify the prefix-length parameter as a decimal value. A
slash mark (/) must follow the ipv6-prefix parameter and precede the
prefix-length parameter.


ipv6-destination-prefix/prefix-length

The ipv6-destination-prefix/prefix-length parameter specifies a destination
prefix and prefix length that a packet must match for the specified action
(deny or permit) to occur. You must specify the ipv6-destination-prefix
parameter in hexadecimal using 16-bit values between colons as
documented in RFC 2373. You must specify the prefix-length parameter as a
decimal value. A slash mark (/) must follow the ipv6-prefix parameter and
precede the prefix-length parameter.

any

When specified instead of the ipv6-source-prefix/prefix-length or
ipv6-destination-prefix/prefix-length parameters, matches any IPv6 prefix
and is equivalent to the IPv6 prefix ::/0.

host

Allows you to specify a host IPv6 address. When you use this parameter, you do
not need to specify the prefix length. A prefix length of 128 is implied.

icmp-type

ICMP packets can be filtered by ICMP message type. The type is a number
from 0 to 255.

icmp code

ICMP packets that are filtered by ICMP message type can also be filtered
by the ICMP message code. The code is a number from 0 to 255.

icmp-message

ICMP packets are filtered by ICMP messages. Refer to “ICMP message
configurations” on page 136 for a list of ICMP message types.

tcp

Indicates that you are filtering TCP packets.

udp

Indicates that you are filtering UDP packets.
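
The argument rules in Table 18 can be checked before an ACL is pushed to a switch. The following Python sketch is an added example, not code from the Brocade guide: the function names are hypothetical, the sample addresses are constructed from the 2001:db8::/32 documentation prefix, and it assumes that the source specification comes before the destination specification and that single quotation marks are rejected along with double ones.

```python
import ipaddress

MAX_NAME_LEN = 199  # name length limit stated in Table 18


def valid_acl_name(name):
    """Name rules from Table 18: length, no leading digit, no spaces or quotes."""
    if not name or len(name) > MAX_NAME_LEN or name[0].isdigit():
        return False
    # Assumption: both single and double quotation marks are rejected.
    return not any(ch.isspace() or ch in "\"'" for ch in name)


def parse_prefix_spec(tokens):
    """Normalise 'any', 'host <addr>' or '<prefix>/<len>' to an IPv6Network.

    Returns (network, number_of_tokens_consumed); raises ValueError if malformed.
    """
    if not tokens:
        raise ValueError("missing prefix specification")
    if tokens[0] == "any":                      # equivalent to ::/0
        return ipaddress.IPv6Network("::/0"), 1
    if tokens[0] == "host":                     # prefix length 128 is implied
        if len(tokens) < 2:
            raise ValueError("host requires an IPv6 address")
        addr = ipaddress.IPv6Address(tokens[1])
        return ipaddress.IPv6Network(f"{addr}/128"), 2
    prefix, slash, length = tokens[0].partition("/")
    if not slash or not length.isdigit():       # slash plus decimal length required
        raise ValueError(f"expected <ipv6-prefix>/<length>, got {tokens[0]!r}")
    # strict=False: host bits set in the prefix are masked, not rejected (assumption).
    return ipaddress.IPv6Network(f"{prefix}/{length}", strict=False), 1


def parse_src_dst(text):
    """Parse a source spec followed by a destination spec (ordering is an assumption)."""
    tokens = text.split()
    src, used = parse_prefix_spec(tokens)
    dst, used_dst = parse_prefix_spec(tokens[used:])
    if used + used_dst != len(tokens):
        raise ValueError("unexpected trailing tokens")
    return src, dst


def valid_icmp_number(value):
    """icmp-type and ICMP code are decimal numbers from 0 to 255."""
    return value.isascii() and value.isdigit() and int(value) <= 255
```

Normalising `any` to ::/0 and `host` to a /128 network makes the breadth of each entry explicit, so overly permissive entries are easy to spot in review.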
