Loading ...
Loading ...
Loading ...
DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide
22
Extended IPv6 ACLs of some important protocols:
[sn] {permit | deny} tcp {source-ipv6-prefix/prefix-length | host source-ipv6-address | any} [operator port]
{destination-ipv6-prefix/prefix-length | host destination-ipv6-address | any} [operator port] [tcp-flag] [dscp dscp]
[flow-label flow-label] [fragments] [time-range time-range-name]
[sn] {permit | deny} udp {source-ipv6-prefix/prefix-length | host source-ipv6-address | any} [operator port]
{destination-ipv6-prefix/prefix-length | host destination-ipv6-address | any} [operator port] [dscp dscp] [flow-
label flow-label] [fragments] [time-range time-range-name]
[sn] {permit | deny} icmp {source-ipv6-prefix/prefix-length | host source-ipv6-address | any} {destination-ipv6-
prefix/prefix-length | host destination-ipv6-address | any} [{icmp-type [icmp-code] | icmp-message}] [dscp
dscp] [flow-label flow-label] [fragments] [time-range time-range-name]
no sn
Parameters
sn (Optional) Specifies the ACE sequence number used. This number must be between
1 and 65535.
protocol Specifies the name or number of an IPv6 protocol used. Protocol names, that can be
used are 'esp', 'ipv6', 'pcp', 'sctp', ‘tcp’, ‘udp’, ‘icmp’ or an integer in the range 0 to
255 representing an IP protocol number. Additional specific parameters are used for
‘tcp’, ‘udp’, and ‘icmp’. The ‘ipv6’ name means any IPv6 Protocol.
source-ipv6-prefix Specifies the source IPv6 network address or network type.
destination-ipv6-prefix Specifies the destination IPv6 network address or network type.
prefix-length Specifies the prefix mask length.
source-ipv6-address Specifies the source IPv6 address.
destination-ipv6-address Specifies the destination IPv6 address.
any Means any source or destination IPv6 address.
operator (Optional) Possible operators include ‘eq’ (equal), ‘gt’ (greater than), ‘lt’ (less than),
‘neq’ (not equal), and ‘range’ (inclusive range). Note that the range operator needs
two port numbers, while other operators only need one port number.
port Specifies the Layer 4 port number as a decimal number (from 0 to 65535) or the
name of a Layer 4 port.
TCP port names used:
'bgp', 'chargen', 'daytime', 'discard', 'domain', 'echo', 'rexec', 'finger', 'ftp', 'ftp-data',
'gopher', 'hostname', 'ident', 'irc', 'klogin', 'kshell', 'login', 'lpd', 'nntp', 'snpp',
'pop2', 'pop3', 'smtp', 'sunrpc', 'shell', 'tacacs', 'telnet', 'time', 'uucp', 'whois',
'http'.
UDP port names used:
'biff', 'bootpc', 'bootps', 'discard', 'irc', 'domain', 'echo', 'isakmp', 'mobile-ip',
'nameserver', 'netbios-dgm', 'netbios-ns', 'netbios-ss', 'nat-t', 'ntp', 'snpp', 'rip',
'snmp', 'snmptrap', 'sunrpc', 'syslog', 'tacacs', 'talk', 'tftp', 'time', 'who', 'xdmcp'.
dscp dscp (Optional) Enter the DSCP value to match a differentiated services code point value
against the traffic class value in the Traffic Class field of each IPv6 packet header.
The acceptable range is from 0 to 255.
fragments (Optional) Specifies packet fragment filtering.
time-range time-range-
name
(Optional) Specifies the name of the time-period profile associated with the access-
list delineating its activation period.
tcp-flag (Optional) Specifies the TCP flag fields. The specified TCP header bits that can be
used are ‘ack’ (acknowledge), ‘fin’ (finish), ‘psh’ (push), ‘rst’ (reset), ‘syn’
(synchronize), or ‘urg’ (urgent).
icmp-type (Optional) Specifies the ICMP message type. The valid number for the message type
is from 0 to 255.
icmp-code (Optional) Specifies the ICMP message code. The valid number for the message
code is from 0 to 255
Loading ...
Loading ...
Loading ...