Syntax for creating an ipv6 acl, For icmp, For tcp – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Syntax for creating an IPv6 ACL

NOTE
The following features are not supported:

• ipv6-operator flow-label
• ipv6-operator fragments when any protocol is specified. The option " fragments" can be specified

only when "permit/deny ipv6" is specified. If you specify "tcp" or any other protocol instead of "ipv6"
the keyword, "fragments" cannot be used.

• ipv6-operator routing when any protocol is specified. (Same limitation as for ipv6-

operatorfragments )

When creating ACLs, use the appropriate syntax below for the protocol you are filtering.

For IPv6 and supported protocols other than ICMP, TCP, or UDP

Syntax: [no] ipv6 access-list ACL-name

{ permit | deny } protocol

{ ipv6-source-prefix/prefix-length | any | host source-ipv6_address ipv6-destination-prefix/prefix-length |
any | host ipv6-destination-address }

[ ipv6-operator [ value ]]

[802.1p-priority-matching number ]

[[ dscp-marking number 802.1p-priority-marking number internal-priority-marking number ] | [dscp-
marking dscp-value dscp-cos-mapping ] | [dscp-cos-mapping ]]

For ICMP

Syntax: [no] ipv6 access-list ACL-name

{ permit | deny } icmp {ipv6-source-prefix/prefix-length | any | host source-ipv6_address ipv6-
destination-prefix/prefix-length | any | host ipv6-destination-address }

[ ipv6-operator [ value ]]

[[ icmp-type ] [icmp-code ]] | [ icmp-message ]

[ dscp-marking number ]

[dscp-marking dscp-value dscp-cos-mapping ]

[dscp-cos-mapping ]]

For TCP

Syntax: [no] ipv6 access-list ACL-name

{ permit | deny } tcp

{ipv6-source-prefix/prefix-length | any | host source-ipv6_address [ tcp-udp-operator }

[ source-port-number ]]ipv6-destination-prefix/prefix-length | any | host ipv6-destination-address }

[ tcp-udp-operator [ destination-port-number ]]

[ ipv6-operator [ value ]]

Syntax for creating an IPv6 ACL

FastIron Ethernet Switch Security Configuration Guide

159

53-1003088-03