For icmp – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
Page 202
184
Multi-Service IronWare Security Configuration Guide
53-1003035-02
Configuring an IPv6 ACL
4
For ICMP
Syntax: [no] ipv6 access-list acl name
Syntax: [no] permit | deny icmp
ipv6-source-prefix/prefix-length | any | host source-ipv6_address
ipv6-destination-prefix/prefix-length | any | host ipv6-destination-address
[ipv6-operator [value]]
[ [icmp-type][icmp-code] ] | [icmp-message] | beyond-scope |
destination-unreachable | echo-reply | echo-request | header | hop-limit | mld-query |
mld-reduction | mld-report | nd-na | nd-ns | next-header | no-admin | no-route |
packet-too-big | parameter-option | parameter-problem | port-unreachable |
reassembly-timeout | renum-command | renum-result | renum-seq-number |
router-advertisement | router-renumbering | router-solicitation] | [copy-sflow] |
[drop-precedence dp-value] | [drop-precedence-force dp-value] | [dscp
dscp-value] | [dscp-marking dscp-value] | [mirror] | [priority-force number] | [sequence
num]
Syntax: [no] [sequence num] permit | deny icmp
ipv6-source-prefix/prefix-length | any | host source-ipv6_address
ipv6-destination-prefix/prefix-length | any | host ipv6-destination-address
[ipv6-operator [value]]
[ [icmp-type][icmp-code] ] | [icmp-message] | beyond-scope |
destination-unreachable | echo-reply | echo-request | header | hop-limit | mld-query |
mld-reduction | mld-report | nd-na | nd-ns | next-header | no-admin | no-route |
packet-too-big | parameter-option | parameter-problem | port-unreachable |
reassembly-timeout | renum-command | renum-result | renum-seq-number |
router-advertisement | router-renumbering | router-solicitation] | [copy-sflow] |
[drop-precedence dp-value] | [drop-precedence-force dp-value] | [dscp
dscp-value] | [dscp-marking dscp-value] | [mirror] | [priority-force number]
Syntax: regenerate-seq-num [num]
drop-precedence-force dp-value
This keyword applies in situations where there are conflicting priority
values for
packets on an Ingress port, that conflict can be resolved by
performing a priority merge (the default) or by
using a force command to direct the router to use a particular value
above other values. The drop precedence-
force keyword specifies that a drop precedence specified by an ACL
will be used above other
values. Assigns traffic that matches the ACL to a drop precedence
value between 0 -3.
dscp-marking dscp-value Use
the
dscp-marking dscp-value parameter to specify a new QoS
value to the packet. If a packet matches the filters in the ACL
statement, this parameter assigns the DSCP value that you specify
to the packet. Enter 0 – 63.
mirror
Allows you to mirror packets matching the ACL permit clause.
priority-force value
Allows you to force packets outgoing priority. You can specify a value
from 0 through 7.
IPv6 ACL arguments
Description