PLANET XGS3-24040 User Manual

Page 452

Advertising
background image

Chapter 46 ACL Configuration

46-14

13Configuring an name-based extended IPV6 access-list

a. Create an extended IPV6 access-list basing on nomenclature

Command

Explanation

Global Mode

ipv6 access-list extended <name>

no ipv6 access-list extended <name>

Creates an extended IPV6

access-list basing on

nomenclature; the no

command deletes the

name-based extended IPV6

access-list.


b. Specify multiple permit or deny rules

Command

Explanation

Extended IPV6 ACL Mode

[no] {deny | permit} icmp {{<sIPv6Prefix/sPrefixlen>} |

any-source | {host-source <sIPv6Addr>}}

{<dIPv6Prefix/dPrefixlen> | any-destination |

{host-destination <dIPv6Addr>}} [<icmp-type>

[<icmp-code>]] [dscp <dscp>] [flow-label <flowlabel>]

[time-range <time-range-name>]

Creates an extended

name-based ICMP IPv6

access rule; the no form

command deletes this

name-based extended IPv6

access rule.

[no] {deny | permit} tcp {<sIPv6Prefix/sPrefixlen> |

any-source | {host-source <sIPv6Addr>}} [s-port

{ <sPort> | range <sPortMin> <sPortMax> }]

{<dIPv6Prefix/dPrefixlen> | any-destination |

{host-destination <dIPv6Addr>}} [dPort { <dPort> |

range <sPortMin> <sPortMax> }] [syn | ack | urg | rst |

fin | psh] [dscp <dscp>] [flow-label <flowlabel>]

[time-range <time-range-name>]

Creates an extended

name-based TCP IPV6

access rule; the no form

command deletes this

name-based extended IPV6

access rule.

[no] {deny | permit} udp {<sIPv6Prefix/sPrefixlen> |

any-source | {host-source <sIPv6Addr>}} [s-port

{ <sPort> | range <sPortMin> <sPortMax> }]

{<dIPv6Prefix/dPrefixlen> | any-destination |

{host-destination <dIPv6Addr>}} [d-port { <dPort> |

range <sPortMin> <sPortMax> }] [dscp <dscp>]

[flow-label <flowlabel>] [time-range

<time-range-name>]

Creates an extended

name-based UDP IPV6

access rule; the no form

command deletes this

name-based extended IPV6

access rule..

[no] {deny | permit} <proto> {<sIPv6Prefix/sPrefixlen>

| any-source | {host-source <sIPv6Addr>}}

{<dIPv6Prefix/dPrefixlen> | any-destination |

{host-destination <dIPv6Addr>}} [dscp <dscp>]

[flow-label <flowlabel>] [time-range

Creates an extended

name-based IPV6 access

rule for other IPV6 protocols;

the

no

form command

deletes this name-based

Advertising
Popular Brands
Popular manuals