Permit, deny (extended ipv6 acl), Permit , deny (extended ipv6 acl) – Accton Technology ES4524D User Manual
Page 397
IPv6 ACLs
44-9
44
permit, deny (Extended IPv6 ACL)
This command adds a rule to an Extended IPv6 ACL. The rule sets a filter condition
for packets with specific destination IP addresses, next header type, or flow label.
Use the no form to remove a rule.
Syntax
[no] {permit | deny}
{any | destination-ipv6-address[/prefix-length]}
[next-header next-header] [dscp dscp] [flow-label flow-label]
• any – Keyword indicating any IPv6 destination address (an abbreviation for
the IPv6 prefix ::/0).
• destination-ipv6-address - An IPv6 destination address. The address must
be formatted according to RFC 2373 “IPv6 Addressing Architecture,” using
8 colon-separated 16-bit hexadecimal values. One double colon may be
used in the address to indicate the appropriate number of zeros required to
fill the undefined fields. (The switch only checks the first 64 bits of the
destination address.)
• prefix-length - A decimal value indicating how many contiguous bits (from
the left) of the address comprise the prefix (i.e., the network portion of the
address).
• dscp – DSCP priority level. (Range: 0-63)
• flow-label – A label for packets belonging to a particular traffic “flow” for
which the sender requests special handling by IPv6 routers, such as
non-default quality of service or “real-time” service (see RFC 2460).
(Range: 0-16777215)
• next-header – Identifies the type of header immediately following the IPv6
header. (Range: 0-255)
Default Setting
None
Command Mode
Extended IPv6 ACL
Command Usage
• All new rules are appended to the end of the list.
• A flow label is assigned to a flow by the flow's source node. New flow labels
must be chosen pseudo-randomly and uniformly from the range 1 to FFFFF
hexadecimal. The purpose of the random allocation is to make any set of bits
within the Flow Label field suitable for use as a hash key by routers, for looking
up the state associated with the flow.
A flow identifies a sequence of packets sent from a particular source to a
particular (unicast or multicast) destination for which the source desires
special handling by the intervening routers. The nature of that special handling
might be conveyed to the routers by a control protocol, such as a resource
reservation protocol, or by information within the flow's packets themselves,