Brocade Communications Systems 6650 Switch User Manual


 
134 Brocade ICX 6650 Security Configuration Guide
53-1002601-01
Creating an IPv6 ACL
Table 18 lists the syntax elements.
TABLE 18 Syntax descriptions

| IPv6 ACL arguments | Description |
|---|---|
| ipv6 access-list ACL-name | Enables the IPv6 configuration level and defines the name of the IPv6 ACL. The ACL-name can contain up to 199 characters and numbers, but cannot begin with a number and cannot contain any spaces or quotation marks. |
| permit | The ACL will permit (forward) packets that match a policy in the access list. |
| deny | The ACL will deny (drop) packets that match a policy in the access list. |
| icmp | Indicates that you are filtering ICMP packets. |
| protocol | The type of IPv6 packet you are filtering. You can specify a well-known name for some protocols whose number is less than 255. For other protocols, you must enter the number. Enter “?” instead of a protocol to list the well-known names recognized by the CLI. IPv6 protocols include AHP (Authentication Header), ESP (Encapsulating Security Payload), IPv6 (Internet Protocol version 6), and SCTP (Stream Control Transmission Protocol). |
| ipv6-source-prefix/prefix-length | The ipv6-source-prefix/prefix-length parameter specifies a source prefix and prefix length that a packet must match for the specified action (deny or permit) to occur. You must specify the ipv6-source-prefix parameter in hexadecimal using 16-bit values between colons as documented in RFC 2373. You must specify the prefix-length parameter as a decimal value. A slash mark (/) must follow the ipv6-prefix parameter and precede the prefix-length parameter. |
| ipv6-destination-prefix/prefix-length | The ipv6-destination-prefix/prefix-length parameter specifies a destination prefix and prefix length that a packet must match for the specified action (deny or permit) to occur. You must specify the ipv6-destination-prefix parameter in hexadecimal using 16-bit values between colons as documented in RFC 2373. You must specify the prefix-length parameter as a decimal value. A slash mark (/) must follow the ipv6-prefix parameter and precede the prefix-length parameter. |
| any | When specified instead of the ipv6-source-prefix/prefix-length or ipv6-destination-prefix/prefix-length parameters, matches any IPv6 prefix and is equivalent to the IPv6 prefix ::/0. |
| host | Allows you to specify a host IPv6 address. When you use this parameter, you do not need to specify the prefix length. A prefix length of 128 is implied. |
| icmp-type | ICMP packets can be filtered by ICMP message type. The type is a number from 0 to 255. |
| icmp code | ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code. The code is a number from 0 to 255. |
| icmp-message | ICMP packets are filtered by ICMP messages. Refer to “ICMP message configurations” on page 136 for a list of ICMP message types. |
| tcp | Indicates that you are filtering TCP packets. |
| udp | Indicates that you are filtering UDP packets. |
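
The following Python pre-check is an added example, not part of the Brocade guide. It applies the Table 18 rules (ACL name limits, any as ::/0, host as an implied /128, ICMP type and code from 0 to 255) to rule lines before they are entered at the CLI. The rule layout it accepts and all function names are assumptions; operators and icmp-message names are not handled.

```python
import ipaddress

def valid_acl_name(name):
    """Table 18: up to 199 characters, no leading digit, no spaces or quotation marks."""
    return (0 < len(name) <= 199 and not name[0].isdigit()
            and not any(c in name for c in " \"'"))

def take_address(tokens):
    """Consume 'any', 'host <addr>' or '<prefix>/<length>'; return an IPv6Network."""
    if not tokens:
        raise ValueError("missing source or destination")
    tok = tokens.pop(0)
    if tok == "any":                       # equivalent to ::/0
        return ipaddress.IPv6Network("::/0")
    if tok == "host":                      # prefix length 128 is implied
        if not tokens:
            raise ValueError("host needs an IPv6 address")
        addr = ipaddress.IPv6Address(tokens.pop(0))
        return ipaddress.IPv6Network(f"{addr}/128")
    if "/" not in tok:
        raise ValueError(f"{tok}: a slash and prefix length are required")
    return ipaddress.IPv6Network(tok, strict=False)  # host bits are masked off

def parse_rule(line):
    """Parse 'permit|deny <protocol> <src> <dst> [icmp-type [icmp-code]]' (assumed layout)."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] not in ("permit", "deny"):
        raise ValueError("rule must start with permit or deny and a protocol")
    action, protocol, rest = tokens[0], tokens[1], tokens[2:]
    src, dst = take_address(rest), take_address(rest)
    if rest and protocol != "icmp":
        raise ValueError("trailing arguments are only parsed for icmp")
    if len(rest) > 2 or not all(t.isdigit() and int(t) <= 255 for t in rest):
        raise ValueError("icmp-type and code must be numbers from 0 to 255")
    return {"action": action, "protocol": protocol, "src": src, "dst": dst,
            "icmp": [int(t) for t in rest]}

def rule_error(line):
    """Return None if the rule parses, otherwise the reason it was rejected."""
    try:
        parse_rule(line)
        return None
    except ValueError as exc:
        return str(exc)

if __name__ == "__main__":
    # Constructed sample rules (2001:db8::/32 is the documentation prefix).
    for rule in ("deny icmp host 2001:db8::10 any 128 0",
                 "permit tcp 2001:db8:1::/48 any",
                 "permit udp 2001:db8::1 any"):
        print(rule, "->", rule_error(rule) or "ok")
```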