Dell POWEREDGE M1000E User Manual

2-389

Cisco Catalyst Blade Switch 3130 and 3032 for Dell Command Reference

OL-13271-03

Chapter 2 Cisco Catalyst Blade Switch 3130 and 3032 for Dell Cisco IOS Commands

permit (IPv6 access-list configuration)

Command History

Usage Guidelines

The permit (IPv6 access-list configuration mode) command is similar to the permit (IPv4 access-list
configuration mode) command, but it is IPv6-specific.

Use the permit (IPv6) command after the

ipv6 access-list

command to enter IPv6 access-list

configuration mode and to define the conditions under which a packet passes the access list.

Specifying IPv6 for the protocol argument matches against the IPv6 header of the packet.

By default, the first statement in an access list is number 10, and the subsequent statements increment
by 10.

You can add permit, deny, or remark statements to an existing access list without re-entering the entire
list. To add a new statement anywhere other than at the end of the list, create a new statement with an
appropriate entry number that falls between two existing entry numbers to show where it belongs.

See the

ipv6 access-list

command for more information on defining IPv6 ACLs.

Note

Every IPv6 ACL has implicit permit icmp any any nd-na, permit icmp any any nd-ns, and deny ipv6
any any statements as its last match conditions. The two permit conditions allow ICMPv6 neighbor
discovery. To disallow ICMPv6 neighbor discovery and to deny icmp any any nd-na or icmp any any
nd-ns, there must be an explicit deny entry in the ACL. For the three implicit statements to take effect,
an IPv6 ACL must contain at least one entry.

The IPv6 neighbor discovery process uses the IPv6 network layer service. Therefore, by default, IPv6
ACLs implicitly allow IPv6 neighbor discovery packets to be sent and received on an interface. In IPv4,
the Address Resolution Protocol (ARP), which is equivalent to the IPv6 neighbor discovery process, uses
a separate data link layer protocol. Therefore, by default, IPv4 ACLs implicitly allow ARP packets to be
sent and received on an interface.

Both the source-ipv6-prefix/prefix-length and destination-ipv6-prefix/prefix-length arguments are used
for traffic filtering (the source prefix filters traffic based upon the traffic source; the destination prefix
filters traffic based upon the traffic destination).

The switch supports IPv6 address matching for a full range of prefix-lengths.

The fragments keyword is an option only if the operator [port-number] arguments are not specified.

This is a list of ICMP message names:

Release

Modification

12.2(40)EX1

This command was introduced.

beyond-scope

destination-unreachable

echo-reply

echo-request

header

hop-limit

mld-query

mld-reduction

mld-report

nd-na

nd-ns

next-header

no-admin

no-route

packet-too-big

parameter-option