41.13 ipv6 access-list – PLANET XGS3-24040 User Manual

Commands for Security Function Chapter 2 Commands for 802.1x
41.13 ipv6 access-list
Command: ipv6 access-list <num-std> {deny | permit} {<sIPv6Prefix/sPrefixlen> | any-source |
{host-source <sIPv6Addr>}}
ipv6 access-list <num-ext> {deny | permit} icmp {{<sIPv6Prefix/sPrefixlen>} |
any-source | {host-source <sIPv6Addr>}} {<dIPv6Prefix/dPrefixlen> | any-destination |
{host-destination <dIPv6Addr>}} [<icmp-type> [<icmp-code>]] [dscp <dscp>]
[flow-label <fl>] [time-range <time-range-name>]
ipv6 access-list <num-ext> {deny | permit} tcp {{<sIPv6Prefix/sPrefixlen>} |
any-source | {host-source <sIPv6Addr>}} [s-port {<sPort> | range <sPortMin> <sPortMax>}]
{{<dIPv6Prefix/dPrefixlen>} | any-destination | {host-destination <dIPv6Addr>}}
[dPort {<dPort> | range <dPortMin> <dPortMax>}] [syn | ack | urg | rst | fin | psh]
[dscp <dscp>] [flow-label <flowlabel>] [time-range <time-range-name>]
ipv6 access-list <num-ext> {deny | permit} udp {{<sIPv6Prefix/sPrefixlen>} |
any-source | {host-source <sIPv6Addr>}} [s-port {<sPort> | range <sPortMin> <sPortMax>}]
{{<dIPv6Prefix/dPrefixlen>} | any-destination | {host-destination <dIPv6Addr>}}
[dPort {<dPort> | range <dPortMin> <dPortMax>}] [dscp <dscp>]
[flow-label <flowlabel>] [time-range <time-range-name>]
ipv6 access-list <num-ext> {deny | permit} <next-header> {<sIPv6Prefix/sPrefixlen> |
any-source | {host-source <sIPv6Addr>}} {<dIPv6Prefix/dPrefixlen> | any-destination |
{host-destination <dIPv6Addr>}} [dscp <dscp>] [flow-label <fl>]
[time-range <time-range-name>]
no ipv6 access-list {<num-std> | <num-ext>}
Functions: Creates a numbered standard IP access-list; if the access-list already exists, a rule is
added to the current access-list. The "no ipv6 access-list {<num-std> | <num-ext>}" command deletes a
numbered standard IP access-list.
Parameters: <num-std> is the list number, in the range 500~599; <num-ext> is the list
number, in the range 600~699; <sIPv6Prefix> is the prefix of the IPv6 source address;
<sPrefixlen> is the prefix length of the IPv6 source address, in the range 1~128; <sIPv6Addr>
is the IPv6 source address; <dIPv6Prefix> is the prefix of the IPv6 destination address;
<dPrefixlen> is the prefix length of the IPv6 destination address, in the range 1~128;
<dIPv6Addr> is the IPv6 destination address; <icmp-type> is the ICMP type; <icmp-code> is the
ICMP protocol code; <dscp> is the IPv6 priority, in the range 0 to 63; <flowlabel> is the flow
label value, in the range 0 to 1048575; syn, ack, urg, rst, fin and psh are the TCP flag bits;
<sPort> is the source port number, 0-65535; <sPortMin> is the lower bound of the source port
range; <sPortMax> is the upper bound of the source port range; <dPort> is the destination port
number, in the range 0 to 65535; <dPortMin> is the lower bound of the destination port range;
<dPortMax> is the upper bound of the destination port range; <next-header> is the IPv6 next
header value, in the range 0 to 255; <time-range-name> is the name of the time-range.
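The ranges above can be checked mechanically before a rule set is applied to a switch. The following Python linter is an added example, not part of the PLANET manual; the name lint_rule, the sample rules, and the requirement that a range's lower bound not exceed its upper bound are assumptions, and keywords are spelled as they appear on this page.

```python
import ipaddress

# Ranges taken from the Parameters paragraph on this page.
STD, EXT = range(500, 600), range(600, 700)
LIMITS = {"dscp": 63, "flow-label": 1048575, "s-port": 65535, "dPort": 65535}

def _is_ipv6(text):
    try:
        ipaddress.IPv6Address(text)
        return True
    except ValueError:
        return False

def lint_rule(line):
    """Return the problems found in one 'ipv6 access-list' line ([] means clean)."""
    tok = line.split()
    if (len(tok) < 5 or tok[:2] != ["ipv6", "access-list"]
            or not tok[2].isdigit() or tok[3] not in ("deny", "permit")):
        return ["not a well-formed numbered ipv6 access-list rule"]
    num, rest, problems = int(tok[2]), tok[4:], []
    # Extended forms start with icmp/tcp/udp or a numeric <next-header>.
    has_proto = rest[0] in ("icmp", "tcp", "udp") or rest[0].isdigit()
    if num not in STD and num not in EXT:
        problems.append(f"list number {num} outside 500-699")
    elif (num in EXT) != has_proto:
        problems.append(f"list {num} does not match the rule form "
                        "(500-599 standard, 600-699 extended)")
    if rest[0].isdigit() and int(rest[0]) > 255:
        problems.append(f"next-header {rest[0]} outside 0-255")
    for i, t in enumerate(rest):
        nxt = rest[i + 1:i + 4]
        if "/" in t:
            addr, _, plen = t.partition("/")
            if not (_is_ipv6(addr) and plen.isdigit() and 1 <= int(plen) <= 128):
                problems.append(f"bad prefix {t!r}: prefix length must be 1-128")
        elif t in LIMITS:
            ranged = nxt[:1] == ["range"]
            vals = nxt[1:3] if ranged else nxt[:1]
            if len(vals) != (2 if ranged else 1) or not all(
                    v.isdigit() and int(v) <= LIMITS[t] for v in vals):
                problems.append(f"{t} value outside 0-{LIMITS[t]}")
            elif ranged and int(vals[0]) > int(vals[1]):  # assumption: min <= max
                problems.append(f"{t} range has its lower bound above its upper bound")
    return problems

# Constructed sample rules; only the first address comes from this page's example.
SAMPLE = [
    "ipv6 access-list 520 permit 2003:1:2:3::1/64",
    "ipv6 access-list 520 permit tcp any-source any-destination",
    "ipv6 access-list 610 deny tcp 2003:1:2:3::/0 any-destination dPort 23",
    "ipv6 access-list 610 permit udp any-source any-destination dPort range 2000 1000 dscp 64",
]
```

Calling lint_rule on each entry of SAMPLE reports the standard/extended number mismatch, the /0 prefix, and the inverted port range with an out-of-range DSCP, while the first rule passes clean.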
Command Mode: Global Mode.
Default: No access-list configured.
Usage Guide: The first time a numbered standard IP access-list such as 520 is configured, the list is
created; subsequent configuration is added to the current access-list.
Examples: Create standard IP access-list number 520, allow packets from the source
2003:1:2:3::1/64 to pass through the network, and deny all other packets from the source address