HP 6200YL User Manual

Page 228


IPv6 Access Control Lists (ACLs)
Configuration Commands

Options for TCP and UDP Traffic in IPv6 ACLs.

An ACE designed to permit or deny TCP or UDP traffic can optionally include port number criteria for either the source or destination, or both. Use of TCP criteria also allows the established option for controlling TCP connection traffic. (For a summary of the syntax options, refer to “Command Summary for Configuring ACLs” on page 8-43.)

TCP:

    < deny | permit > tcp
        < SA > [comparison-operator < tcp-src-port >]
        < DA > [comparison-operator < tcp-dest-port >]
        [established]
        [ ack ] [ fin ] [ rst ] [ syn ]

UDP:

    < deny | permit > udp
        < SA > [comparison-operator < udp-src-port >]
        < DA > [comparison-operator < udp-dest-port >]

In an IPv6 ACL using either tcp or udp as the IP packet protocol type, you can optionally apply comparison operators specifying TCP or UDP source and/or destination port numbers or ranges of numbers to further define the criteria for a match. For example:

    #deny tcp host fe80::119 eq 23 host fe80::155 established

    #permit tcp host 2001:db8::10.100 host 2001:db8::15:12 eq telnet

    #deny udp 2001:db8::ad5:1f4 host 2001:db8::ad0:ff3 range 161 162

[comparison-operator < tcp/udp-src-port >]

To specify a TCP or UDP source port number in an ACE, (1)
select a comparison operator from the following list and (2)
enter the port number or a well-known port name.
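
An added example, not from the HP manual: a small Python linter for the tcp/udp ACE forms shown above, useful for catching malformed addresses, bad ports and misplaced TCP options before a line is pasted into a switch. It handles only the eq and range operators and the telnet port name that appear on this page; the bare <addr>[/prefix] address form and all function names are assumptions.

```python
import ipaddress

PORT_NAMES = {"telnet": 23}  # only name used on the page; 23 is its IANA port
TCP_OPTIONS = {"established", "ack", "fin", "rst", "syn"}

def _take_addr(tok, errs):
    """Consume an SA/DA: 'host <addr>' or a bare '<addr>[/prefix]' (assumed form)."""
    word = tok.pop(0) if tok else ""
    if word == "host":
        word = tok.pop(0) if tok else ""
    try:
        return ipaddress.IPv6Network(word, strict=False)
    except ValueError:  # returns None after recording the problem
        errs.append(f"invalid IPv6 address: {word!r}")

def _take_ports(tok, errs):
    """Consume an optional 'eq <port>' or 'range <lo> <hi>' port criterion."""
    if not tok or tok[0] not in ("eq", "range"):
        return None
    op, vals = tok.pop(0), []
    for _ in range(1 if op == "eq" else 2):
        p = tok.pop(0) if tok else ""
        n = PORT_NAMES.get(p, int(p) if p.isdecimal() else -1)
        if not 0 <= n <= 65535:
            errs.append(f"invalid port: {p!r}")
        vals.append(n)
    if op == "range" and vals[0] > vals[1]:
        errs.append("range start exceeds range end")
    return (op, *vals)

def lint_ace(line):
    """Parse one tcp/udp ACE; return (ace dict, list of problems found)."""
    tok, errs = line.lstrip("# ").split(), []
    ace = {"action": tok.pop(0) if tok else "", "proto": tok.pop(0) if tok else ""}
    if ace["action"] not in ("deny", "permit") or ace["proto"] not in ("tcp", "udp"):
        errs.append("expected '<deny|permit> <tcp|udp>'")
    ace["src"], ace["src_port"] = _take_addr(tok, errs), _take_ports(tok, errs)
    ace["dst"], ace["dst_port"] = _take_addr(tok, errs), _take_ports(tok, errs)
    for opt in tok:  # anything left must be a TCP-only option
        if opt not in TCP_OPTIONS or ace["proto"] != "tcp":
            errs.append(f"unexpected option for {ace['proto']}: {opt!r}")
    ace["options"] = tok
    return ace, errs

SAMPLES = [  # constructed sample lines, not from a real configuration
    "deny tcp host 2001:db8::a eq 23 host 2001:db8::b established",
    "permit tcp host 2001:db8::10.1 host 2001:db8::b eq telnet",  # '.' typo
    "deny udp host 2001:db8::a host 2001:db8::b range 162 161 syn",
]
```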
