HP 6200YL User Manual

IPv6 Access Control Lists (ACLs)

Configuration Commands

summary of the syntax options, refer to “Command Summary for Configuring
ACLs” on page 8-43.)

Syntax:

< deny | permit > icmp < SA > < DA > [ icmp-type [icmp-code]]
< deny | permit > icmp < SA > < DA > [ icmp-type-name ]

Using

icmp as the packet protocol type, you can optionally

specify an individual ICMP packet type or packet type/code
pair to further define the criteria for a match. This option,
if used, is entered immediately after the destination IP
address (DA) entry. The following example shows two
ACEs entered in an ACL context:

#permit icmp any any 1 3

#permit icmp any any destination-unreachable

[ icmp-type [ icmp-code ] ]

This option identifies an individual ICMP packet type as
criteria for permitting or denying that type of ICMP traffic
in an ACE.
• icmp-type — This value is in the range of 0 - 255 and

corresponds to an ICMP packet type.

• icmp-code — This value corresponds to an ICMP code for

an ICMP packet type. It is optional, and needed only
when a particular ICMP subtype is needed as a filtering
criterion. (Range: 0 - 255)

For example, the following ACE specifies “destination
unreachable” (ICMP type 1) where “address unreachable”
(3; a subtype of “destination unreachable”) is the specific
code.

#permit icmp any any 1 3

For more information on ICMP types and codes, visit the
Internet Assigned Numbers Authority (IANA) website at
www.iana.com, and refer to “Internet Control Message Pro­
tocol version 6 (ICMPv6) Type Numbers”.

8-55