- 905 -
the specified criteria in order to be true against that rule and for the specified rule action (Permit/Deny)
to take place.
Configurable Data
Rule ID - Enter a whole number in the range of (1 to 10) that will be used to identify the rule.
Action - Specify what action should be taken if a packet matches the rule's criteria. The choices are
permit or deny.
Logging - When set to 'True', logging is enabled for this ACL rule (subject to resource availability in
the device). If the Access List Trap Flag is also enabled, this will cause periodic traps to be generated
indicating the number of times this rule was 'hit' during the current report interval. A fixed 5 minute
report interval is used for the entire system. A trap is not issued if the ACL rule hit count is zero for the
current interval. This field is visible for a 'Deny' Action.
Assign Queue ID - Specifies the hardware egress queue identifier used to handle all packets
matching this IPv6 ACL rule. Valid range of Queue Ids is (0 to 7). This field is visible for a 'Permit'
Action.
Mirror Interface - Specifies the specific egress interface where the matching traffic stream is copied
in addition to being forwarded normally by the device. This field cannot be set if a Redirect Interface is
already configured for the ACL rule. This field is visible for a 'Permit' Action
Redirect Interface - Specifies the specific egress interface where the matching traffic stream is
forced, bypassing any forwarding decision normally performed by the device. This field cannot be set
if a Mirror Interface is already configured for the ACL rule. This field is visible for a 'Permit' Action.
Match Every - Select true or false from the pull down menu. True signifies that all packets will match
the selected IPv6 ACL and Rule and will be either permitted or denied. In this case, since all packets
match the rule, the option of configuring other match criteria will not be offered. To configure specific
match criteria for the rule, remove the rule and re-create it, or re-configure 'Match Every' to 'False' for
the other match criteria to be visible.
Protocol - There are two ways to configure IPv6 protocol.
Specify an integer ranging from 0 to 255 after selecting protocol keyword "other". This number
represents the IP protocol
Select name of a protocol from the existing list of Internet Protocol (IP), Transmission Control
Protocol (TCP), User Datagram Protocol (UDP), Internet Control Message Protocol (ICMPv6).
Source Prefix / PrefixLength - Specify IPv6 Prefix combined with IPv6 Prefix length of the network
or host from which the packet is being sent. Prefix length can be in the range (0 to 128).
Source L4 Port - Specify a packet's source layer 4 port as a match condition for the selected IPv6
ACL rule. Source port information is optional. Source port information can be specified in two ways:
Select keyword "other" from the drop down menu and specify the number of the port in the range
from 0 to 65535.
Select one of the keyword from the list: DOMAIN, ECHO, FTP, FTPDATA, HTTP, SMTP, SNMP,
TELNET, TFTP, and WWW. Each of these values translates into its equivalent port number,
which is used as both the start and end of the port range.
Destination Prefix / PrefixLength - Enter up to 128-bit prefix combined with prefix length to be
compared to a packet's destination IP Address as a match criteria for the selected IPv6 ACL rule.
Prefix length can be in the range (0 to 128).
Destination L4 Port Keyword - Specify the destination layer 4 port match conditions for the selected
IPv6 ACL rule. The possible values are DOMAIN, ECHO, FTP, FTPDATA, HTTP, SMTP, SNMP,
TELNET, TFTP, and WWW. Each of these values translates into its equivalent port number, which is
used as both the start and end of the port range. This is an optional configuration.
Destination L4 Port Number - Specify a packet's destination layer 4 port number match condition for
the selected IPv6 ACL rule. This is an optional configuration.