22 permit | deny(ipv6 standard), 23 permit | deny(mac extended), Permit – PLANET XGS3-24040 User Manual

Page 743: Deny, Standard, Mac extended

Advertising
background image

Commands for Security Function Chapter 2 Commands for 802.1x

41-15

Function: Create an extended nomenclature IPv6 access control rule for specific IPv6 protocol.

Parameter:<sIPv6Addr> is the source IPv6 address;<sPrefixlen> is the length of the IPv6 address

prefix, the range is 1~128;<dIPv6Addr> is the destination IPv6 address;<dPrefixlen> is the length of

the IPv6 address prefix, the range is 1 ~ 128;<igmp-type>,type of the IGMP;<icmp-type>,icmp

type;<icmp-code>,icmp protocol number;<dscp>,IPv6 priority ,the range is 0~63; <flowlabel>,value

of the flow label, the range is 0~1048575;syn,ack,urg,rst,fin,psh,tcp label position; <sPort>, source

port number, the range is 0~65535; <sPortMin>, the down boundary of source port; <sPortMax>, the

up boundary of source port;

<dPort>, destination port number, the range is 0~65535; <dPortMin>, the

down boundary of destination port; <dPortMax>, the up boundary of destination port. <next-header>,

the IPv6 next-header. <time-range-name>, time range name.

Command Mode: IPv6 nomenclature extended access control list mode

Default: No access control list configured.

Example: Create an extended access control list named udpFlow, denying the igmp packets while

allowing udp packets with destination address 2001:1:2:3::1 and destination port 32.

Switch(config)#ipv6 access-list extended udpFlow

Switch(Config-IPv6-Ext-Nacl-udpFlow)#deny igmp any any-destination

Switch(Config-IPv6-Ext-Nacl-udpFlow)#permit udp any-source host-destination 2001:1:2:3::1

dPort 32

41.22 permit | deny(ipv6 standard)

Command: [no] {deny | permit} {{<sIPv6Prefix/sPrefixlen>} | any-source | {host-source

<sIPv6Addr>}}

Function: Create a standard nomenclature IPv6 access control rule; the “no” form of this command

deletes the nomenclature standard IPv6 access control rule.

Parameter: <sIPv6Prefix> is the prefix of the source IPv6 address,<sPrefixlen> is the length of the

IPv6 address prefix, the valid range is 1~128. <sIPv6Addr> is the source IPv6 address.

Command Mode: Standard IPv6 nomenclature access list mode

Default: No access list configured by default.

Usage Guide:

Example: Permit packets with source address of 2001:1:2:3::1/64 while denying those with source

address of 2001:1:2:3::1/48.

Switch(config)#ipv6 access-list standard ipv6Flow

Switch(Config-IPv6-Std-Nacl-ipv6Flow)# permit 2001:1:2:3::1/64

Switch(Config-IPv6-Std-Nacl-ipv6Flow)# deny 2001:1:2:3::1/48

41.23 permit | deny(mac extended)

Command:

[no]{deny|permit}

{any-source-mac|{host-source-mac

<host_smac>

}|{

<smac>

Advertising
See also other documents in the category PLANET Routers: