beautypg.com

Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Page 208

background image

190

Multi-Service IronWare Security Configuration Guide

53-1003035-02

Configuring an IPv6 ACL

4

source-ipv6_address

The host source-ipv6-address parameters allow you specify a source
host IPv6 address that a flow must match to be included in the
display.

any

When specified instead of the ipv6-source-prefix/prefix-length or
ipv6-destination-prefix/prefix-length parameters, matches any IPv6
prefix and is equivalent to the IPv6 prefix::/0.

host

Allows you specify a host IPv6 address. When you use this
parameter, you do not need to specify the prefix length. A prefix
length of all 128 is implied.

ipv6-source-prefix/prefix-length

The ipv6-source-prefix/prefix-length parameter specify a source
prefix and prefix length that a packet must match for the specified
action (deny or permit) to occur. You must specify the
ipv6-source-prefix parameter in hexadecimal using 16-bit values
between colons as documented in RFC 2373. You must specify the
prefix-length parameter as a decimal value. A slash mark (/) must
follow the ipv6-prefix parameter and precede the prefix-length
parameter.

ipv6-destination-prefix/prefix-length

The ipv6-destination-prefix/prefix-length parameter specify a
destination prefix and prefix length that a packet must match for the
specified action (deny or permit) to occur. You must specify the
ipv6-destination-prefix parameter in hexadecimal using 16-bit values
between colons as documented in RFC 2373. You must specify the
prefix-length parameter as a decimal value. A slash mark (/) must
follow the ipv6-prefix parameter and precede the prefix-length
parameter

any

When specified instead of the ipv6-source-prefix/prefix-length or
ipv6-destination-prefix/prefix-length parameters, matches any IPv6
prefix and is equivalent to the IPv6 prefix::/0.

host

Allows you to specify a host IPv6 address. When you use this
parameter, you do not need to specify the prefix length. A prefix
length of all128 is implied.

tcp-operator [value]

Specifies a comparison operator for the TCP port. This parameter
applies only when you specify tcp as the protocol. You can enter one
of the following operators:
established – This operator applies only to TCP packets. If you use
this operator, the policy applies to TCP packets that have the ACK
(Acknowledgment) or RST (Reset) bits set on (set to “1”) in the
Control Bits field of the TCP packet header. The policy applies only to
established TCP sessions, not to new sessions.
syn – The policy applies to TCP packets with the SYN (Synchronize)
bits set on (set to “1”) in the Control Bits field of the TCP packet
header.

IPv6 ACL arguments

Description

See also other documents in the category Brocade Computer Accessories: