HP 6200YL User Manual
Page 231
IPv6 Access Control Lists (ACLs)
Configuration Commands
summary of the syntax options, refer to “Command Summary for Configuring
ACLs” on page 8-43.)
Syntax:
< deny | permit > icmp < SA > < DA > [ icmp-type [icmp-code]]
< deny | permit > icmp < SA > < DA > [ icmp-type-name ]
Using
icmp as the packet protocol type, you can optionally
specify an individual ICMP packet type or packet type/code
pair to further define the criteria for a match. This option,
if used, is entered immediately after the destination IP
address (DA) entry. The following example shows two
ACEs entered in an ACL context:
#permit icmp any any 1 3
#permit icmp any any destination-unreachable
[ icmp-type [ icmp-code ] ]
This option identifies an individual ICMP packet type as
criteria for permitting or denying that type of ICMP traffic
in an ACE.
• icmp-type — This value is in the range of 0 - 255 and
corresponds to an ICMP packet type.
• icmp-code — This value corresponds to an ICMP code for
an ICMP packet type. It is optional, and needed only
when a particular ICMP subtype is needed as a filtering
criterion. (Range: 0 - 255)
For example, the following ACE specifies “destination
unreachable” (ICMP type 1) where “address unreachable”
(3; a subtype of “destination unreachable”) is the specific
code.
#permit icmp any any 1 3
For more information on ICMP types and codes, visit the
Internet Assigned Numbers Authority (IANA) website at
www.iana.com, and refer to “Internet Control Message Pro
tocol version 6 (ICMPv6) Type Numbers”.
8-55