beautypg.com

Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Page 205

background image

Multi-Service IronWare Security Configuration Guide

187

53-1003035-02

Configuring an IPv6 ACL

4

any

When specified instead of the ipv6-source-prefix/prefix-length or
ipv6-destination-prefix/prefix-length parameters, matches any IPv6
prefix and is equivalent to the IPv6 prefix::/0.

host

Allows you to specify a host IPv6 address. When you use this
parameter, you do not need to specify the prefix length. A prefix
length of all128 is implied.

ipv6-operator

Allows you to filter the packets further by using one of the following
options:

dscp – The policy applies to packets that match the traffic class
value in the traffic class field of the IPv6 packet header. This
operator allows you to filter traffic based on TOS or IP
precedence. You can specify a value from 0 – 63.

fragments – The policy applies to fragmented packets that
contain a non-zero fragment offset.

NOTE: This option is not applicable to filtering based on source or

destination port, TCP flags, and ICMP flags.

routing – The policy applies only to IPv6 source-routed packets.

NOTE

This option is not applicable to filtering based on source or
destination port, TCP flags, and ICMP flags.

icmp-type

ICMP packets can be filtered by ICMP message type. The type is a
number from 0 to 255.

icmp code

ICMP packets, which are filtered by ICMP message type can also be
filtered by the ICMP message code. The code is a number from 0 to
255,

icmp-message

ICMP packets are filtered by ICMP messages.

copy-flow

Allows you to send packets matching ACL permit clause to the sFlow
collector.

drop-precedence dp-value

Assigns traffic that matches the ACL to a drop precedence value
between 0 -3.

drop-precedence-force dp-value

This keyword applies in situations where there are conflicting priority
values for
packets on an Ingress port, that conflict can be resolved by
performing a priority merge (the default) or by
using a force command to direct the router to use a particular value
above other values. The drop-precedence-
force keyword specifies that a drop precedence specified by an ACL
will be used above other
values. Assigns traffic that matches the ACL to a drop precedence
value between 0 -3.

dscp-marking dscp-value Use

the

dscp-marking dscp-value parameter to specify a new QoS

value to the packet. If a packet matches the filters in the ACL
statement, this parameter assigns the DSCP value that you specify
to the packet. Enter 0 – 63.

mirror

Allows you to mirror packets matching the ACL permit clause.

priority-force value

Allows you to force packets outgoing priority. You can specify a value
from 0 through 7.

IPv6 ACL arguments

Description

See also other documents in the category Brocade Computer Accessories: