beautypg.com

Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Page 201

background image

Multi-Service IronWare Security Configuration Guide

183

53-1003035-02

Configuring an IPv6 ACL

4

source-ipv6_address

The host source-ipv6-address parameters allow you specify a source
host IPv6 address that a flow must match to be included in the
display.

any

When specified instead of the ipv6-source-prefix/prefix-length or
ipv6-destination-prefix/prefix-length parameters, matches any IPv6
prefix and is equivalent to the IPv6 prefix::/0.

host

Allows you specify a host IPv6 address. When you use this
parameter, you do not need to specify the prefix length. A prefix
length of all 128 is implied.

ipv6-source-prefix/prefix-length

The ipv6-source-prefix/prefix-length parameter specify a source
prefix and prefix length that a packet must match for the specified
action (deny or permit) to occur. You must specify the
ipv6-source-prefix parameter in hexadecimal using 16-bit values
between colons as documented in RFC 2373. You must specify the
prefix-length parameter as a decimal value. A slash mark (/) must
follow the ipv6-prefix parameter and precede the prefix-length
parameter.

ipv6-destination-prefix/prefix-length

The ipv6-destination-prefix/prefix-length parameter specify a
destination prefix and prefix length that a packet must match for the
specified action (deny or permit) to occur. You must specify the
ipv6-destination-prefix parameter in hexadecimal using 16-bit values
between colons as documented in RFC 2373. You must specify the
prefix-length parameter as a decimal value. A slash mark (/) must
follow the ipv6-prefix parameter and precede the prefix-length
parameter

any

When specified instead of the ipv6-source-prefix/prefix-length or
ipv6-destination-prefix/prefix-length parameters, matches any IPv6
prefix and is equivalent to the IPv6 prefix::/0.

host

Allows you to specify a host IPv6 address. When you use this
parameter, you do not need to specify the prefix length. A prefix
length of all128 is implied.

ipv6-operator

Allows you to filter the packets further by using one of the following
options:

dscp – The policy applies to packets that match the traffic class
value in the traffic class field of the IPv6 packet header. This
operator allows you to filter traffic based on TOS or IP
precedence. You can specify a value from 0 – 63.

fragments – The policy applies to fragmented packets that
contain a non-zero fragment offset.

NOTE: This option is not applicable to filtering based on source or

destination port, TCP flags, and ICMP flags.

routing – The policy applies only to IPv6 source-routed packets.

NOTE

This option is not applicable to filtering based on source or
destination port, TCP flags, and ICMP flags.

copy-flow

Allows you to send packets matching ACL permit clause to the sFlow
collector.

drop-precedence dp-value

Assigns traffic that matches the ACL to a drop precedence value
between 0 -3.

IPv6 ACL arguments

Description

See also other documents in the category Brocade Computer Accessories: