
Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


53-1003035-02

Configuring an IPv6 ACL


tcp-udp-operator

The tcp-udp-operator parameter can be one of the following:

eq – The policy applies to the TCP or UDP port name or number
you enter after eq.

gt – The policy applies to TCP or UDP port numbers greater than
the port number or the numeric equivalent of the port name
you enter after gt. Enter "?" to list the port names.

lt – The policy applies to TCP or UDP port numbers that are less
than the port number or the numeric equivalent of the port
name you enter after lt.

neq – The policy applies to all TCP or UDP port numbers except
the port number or port name you enter after neq.

range – The policy applies to all TCP or UDP port numbers that are
between the first TCP or UDP port name or number and the
second one you enter following the range parameter. The range
includes the port names or numbers you enter. For example, to
apply the policy to all ports between and including 23 (Telnet)
and 53 (DNS), enter the following: range 23 53. The first port
number in the range must be lower than the last number in the
range.

The source-port number and destination-port-number for the
tcp-udp-operator are the numbers of the ports.

source-port number and
destination-port-number

The source-port number and destination-port-number for the
tcp-udp-operator are the numbers of the source and destination
ports.

ipv6-operator

Allows you to filter the packets further by using one of the following
options:

dscp – The policy applies to packets that match the traffic class
value in the traffic class field of the IPv6 packet header. This
operator allows you to filter traffic based on TOS or IP
precedence. You can specify a value from 0 – 63.

fragments – The policy applies to fragmented packets that
contain a non-zero fragment offset.

NOTE: This option is not applicable to filtering based on source or
destination port, TCP flags, and ICMP flags.

routing – The policy applies only to IPv6 source-routed packets.

NOTE: This option is not applicable to filtering based on source or
destination port, TCP flags, and ICMP flags.

copy-flow

Allows you to send packets that match an ACL permit clause to the sFlow
collector.

drop-precedence dp-value

Assigns traffic that matches the ACL to a drop precedence value
between 0 and 3.

drop-precedence-force dp-value

This keyword applies in situations where there are conflicting priority
values for packets on an ingress port. That conflict can be resolved by
performing a priority merge (the default) or by using a force command
to direct the router to use a particular value above other values. The
drop-precedence-force keyword specifies that a drop precedence
specified by an ACL will be used above other values. Assigns traffic
that matches the ACL to a drop precedence value between 0 and 3.

IPv6 ACL arguments

Description
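
The following added example, which is not part of the Brocade guide, models the tcp-udp-operator matching rules from the table above so that a reviewer can check which ports a clause covers, including the strict gt/lt boundaries and the inclusive range. The PORT_NAMES map, the function names and the watch list are constructed for illustration; on the device, entering "?" lists the real port names.

```python
# Added example: models the tcp-udp-operator semantics described in the table.
# PORT_NAMES is a constructed subset (23 = Telnet, 53 = DNS, as on the page).
PORT_NAMES = {"telnet": 23, "dns": 53}

def _port(token):
    """Resolve a port name or number to an integer in 0..65535."""
    value = PORT_NAMES.get(token.lower())
    if value is None:
        value = int(token)  # raises ValueError for unknown names
    if not 0 <= value <= 65535:
        raise ValueError(f"port out of range: {token}")
    return value

def parse_clause(clause):
    """Parse 'eq 23', 'gt 1023', 'range 23 53', ... into (operator, ports)."""
    op, *args = clause.split()
    if op not in ("eq", "gt", "lt", "neq", "range"):
        raise ValueError(f"unknown operator: {op}")
    expected = 2 if op == "range" else 1
    if len(args) != expected:
        raise ValueError(f"{op} takes {expected} port argument(s)")
    ports = tuple(_port(a) for a in args)
    # The guide requires the first port in a range to be lower than the last.
    if op == "range" and not ports[0] < ports[1]:
        raise ValueError("range: first port must be lower than the last")
    return op, ports

def matches(clause, port):
    """Return True if a packet's port satisfies the operator clause."""
    op, ports = parse_clause(clause)
    if op == "eq":
        return port == ports[0]
    if op == "neq":
        return port != ports[0]
    if op == "gt":
        return port > ports[0]   # strictly greater: the named port is excluded
    if op == "lt":
        return port < ports[0]   # strictly less: the named port is excluded
    return ports[0] <= port <= ports[1]  # range includes both endpoints

def exposed(clause, sensitive):
    """List the watched ports that a clause would match (review aid)."""
    return sorted(p for p in sensitive if matches(clause, p))

if __name__ == "__main__":
    watch = [22, 23, 53, 1023, 1024, 3389]  # constructed watch list
    for c in ("range telnet dns", "gt 1023", "lt 1024", "neq 23"):
        print(f"{c:18} -> {exposed(c, watch)}")
```

Running it shows that gt 1023 does not cover port 1023 and that neq 23 matches every watched port except Telnet, which is the kind of boundary to confirm before a permit clause is applied.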