Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
Page 211
Multi-Service IronWare Security Configuration Guide
193
53-1003035-02
Configuring an IPv6 ACL
4
TABLE 28
Syntax descriptions (Continued)
IPv6 ACL arguments
Description
ipv6 access-list ACL name
Enables the IPv6 configuration level and defines the name of the IPv6 ACL.
The ACL name can contain up to 199 characters and numbers, but cannot
begin with a number and cannot contain any spaces or quotation marks.
The string "test" is a reserved string and cannot be used to form creation of
a named standard or extended ACL.
sequence num
The sequence parameter specifies where the conditional statement is to be
added in the access list. You can add a conditional statement at particular
place in an access list by specifying the entry number using the sequence
keyword. The range is from 1 through 214748364. If the sequence num
option is not specified, a default sequence number is applied to the clause.
The default value is 10+ the sequence number of the last ACL filter rule
provisioned in the ACL table. The default value for the first clause in an IPv6
ACL table is “10”.
permit
The ACL will permit (forward) packets that match a policy in the access list.
deny udp
The ACL will deny (drop) udp packets that match a policy in the access list.
ipv6-source-prefix/prefix-length
The ipv6-source-prefix/prefix-length parameter specify a source prefix and
prefix length that a packet must match for the specified action (deny or
permit) to occur. You must specify the ipv6-source-prefix parameter in
hexadecimal using 16-bit values between colons as documented in RFC
2373. You must specify the prefix-length parameter as a decimal value. A
slash mark (/) must follow the ipv6-prefix parameter and precede the
prefix-length parameter.
ipv6-destination-prefix/prefix-lengt
h
The ipv6-destination-prefix/prefix-length parameter specify a destination
prefix and prefix length that a packet must match for the specified action
(deny or permit) to occur. You must specify the ipv6-destination-prefix
parameter in hexadecimal using 16-bit values between colons as
documented in RFC 2373. You must specify the prefix-length parameter as a
decimal value. A slash mark (/) must follow the ipv6-prefix parameter and
precede the prefix-length parameter
any
When specified instead of the ipv6-source-prefix/prefix-length or
ipv6-destination-prefix/prefix-length parameters, matches any IPv6 prefix
and is equivalent to the IPv6 prefix::/0.
ipv6-source-prefix/prefix-length
The ipv6-source-prefix/prefix-length parameter specify a source prefix and
prefix length that a packet must match for the specified action (deny or
permit) to occur. You must specify the ipv6-source-prefix parameter in
hexadecimal using 16-bit values between colons as documented in RFC
2373. You must specify the prefix-length parameter as a decimal value. A
slash mark (/) must follow the ipv6-prefix parameter and precede the
prefix-length parameter.
ipv6-destination-prefix/prefix-lengt
h
The ipv6-destination-prefix/prefix-length parameter specify a destination
prefix and prefix length that a packet must match for the specified action
(deny or permit) to occur. You must specify the ipv6-destination-prefix
parameter in hexadecimal using 16-bit values between colons as
documented in RFC 2373. You must specify the prefix-length parameter as a
decimal value. A slash mark (/) must follow the ipv6-prefix parameter and
precede the prefix-length parameter
any
When specified instead of the ipv6-source-prefix/prefix-length or
ipv6-destination-prefix/prefix-length parameters, matches any IPv6 prefix
and is equivalent to the IPv6 prefix::/0.