Loading ...
Loading ...
Loading ...
User Guide 826
Configuring ACL ACL Configuration
The following example shows how to create IPv6 ACL 1600 and configure Rule 1 to deny
packets with source IPv6 address CDCD:910A:2222:5498:8475:1111:3900:2020:
Switch#configure
Switch(config)#access-list create 1600
Switch(config)#access-list ipv6 1600 rule 1 deny logging disable sip
CDCD:910A:2222:5498:8475:1111:3900:2020 sip-mask ffff:ffff:ffff:ffff
Switch(config)#show access-list 1600
IPv6 access list 1600 name: ACL_1600
rule 1 deny logging disable sip cdcd:910a:2222:5498:8475:1111:3900:2020 sip-mask ffff:ff
ff:ffff:ffff
Switch(config)#end
Switch#copy running-config startup-config
Packet Content ACL
Note:
Packet Content ACL is only available on certain devices.
Step 1 configure
Enter global configuration mode
Step 2 access-list create
acl-id
[name
acl-name
]
Create a Packet Content ACL.
acl-id:
Enter an ACL ID. The ID ranges from 2000 to 2499.
acl-name:
Enter a name to identify the ACL.
Step 3 access-list packet-content profile chunk-offset0
offset0
chunk-offset1
offset1
chunk-offset2
offset2
chunk-offset3
offset3
Specify the offset of each chunk, all the 4 chunks must be set at the same time.
offset0
-
offset3
: Specify the offset of each chunk, the value ranges from 0 to 31. When
the offset is set as 31, it matches the first 127,128, 1, 2 bytes of the packet; when the
offset is set as 0, it matches the 3, 4, 5, 6 bytes, and so on, for the rest of the offset
value.
Loading ...
Loading ...
Loading ...