Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

53-1003035-02

Configuring an IPv6 ACL

host

Allows you to specify a host IPv6 address. When you use this parameter, you do
not need to specify the prefix length. A prefix length of 128 is implied.

tcp-udp-operator

The tcp-udp-operator parameter can be one of the following:

eq – The policy applies to the TCP or UDP port name or number you
enter after eq.

gt – The policy applies to TCP or UDP port numbers greater than the
port number or the numeric equivalent of the port name you enter after
gt. Enter "?" to list the port names.

lt – The policy applies to TCP or UDP port numbers that are less than
the port number or the numeric equivalent of the port name you enter
after lt.

neq – The policy applies to all TCP or UDP port numbers except the port
number or port name you enter after neq.

range – The policy applies to all TCP or UDP port numbers between
the first port name or number and the second one you
enter following the range parameter. The range includes the port
names or numbers you enter. For example, to apply the policy to all
ports between and including 23 (Telnet) and 53 (DNS), enter the
following: range 23 53. The first port number in the range must be
lower than the last number in the range.

The source-port number and destination-port-number for the
tcp-udp-operator are the numbers of the ports.

ipv6-operator

Allows you to filter the packets further by using one of the following options:

dscp – The policy applies to packets that match the traffic class value
in the traffic class field of the IPv6 packet header. This operator allows
you to filter traffic based on TOS or IP precedence. You can specify a
value from 0 – 63.

fragments – The policy applies to fragmented packets that contain a
non-zero fragment offset.

NOTE: This option is not applicable to filtering based on source or
destination port, TCP flags, and ICMP flags.

routing – The policy applies only to IPv6 source-routed packets.

NOTE: This option is not applicable to filtering based on source or
destination port, TCP flags, and ICMP flags.

mirror

Allows you to mirror packets matching the ACL permit clause.

priority-force value

Allows you to force the outgoing priority of packets. You can specify a value
from 0 through 7.

copy-flow

Allows you to send packets matching the ACL permit clause to the sFlow
collector.

dscp-marking number

Use the dscp-marking number dscp-cos-mapping parameters to specify a
DSCP value and map that value to an internal QoS table to obtain the packet's
new QoS value. The following occurs when you use these parameters.

You enter 0 – 63 for the dscp-marking number parameter.

The dscp-cos-mapping parameter takes the DSCP value you specified
and compares it to an internal QoS table, which is indexed by DSCP
values. The corresponding 802.1p priority, internal forwarding priority,
and DSCP value are assigned to the packet.

IPv6 ACL arguments

Description
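
The value limits and combination rules in the descriptions above (the tcp-udp-operator forms, the 0 – 63 and 0 through 7 ranges, and the NOTE on fragments and routing) can be checked before an entry is applied. The following Python is an added example, not code from the Brocade guide: the function names check_options and port_matches are hypothetical, only the option portion of an entry is examined, and ports are assumed to be numeric rather than names.

```python
# Added example: checks the option part of an IPv6 ACL entry against the
# limits stated in the parameter descriptions above. Only numeric ports are
# handled; port names (allowed by the CLI) are not resolved here.
PORT_OPS = {"eq": 1, "gt": 1, "lt": 1, "neq": 1, "range": 2}
VALUE_LIMITS = {"dscp": 63, "dscp-marking": 63, "priority-force": 7}
NO_PORT_FILTER = {"fragments", "routing"}


def port_matches(op, args, port):
    """Return True if `port` satisfies the tcp-udp-operator clause."""
    if op == "range":
        return args[0] <= port <= args[1]      # range is inclusive
    return {"eq": port == args[0], "gt": port > args[0],
            "lt": port < args[0], "neq": port != args[0]}[op]


def check_options(text):
    """Return a list of problems found in an option string (empty if none)."""
    tokens, problems, i = text.split(), [], 0
    uses_ports, flag_opts = False, []
    while i < len(tokens):
        tok = tokens[i]
        i += 1
        if tok in PORT_OPS:
            n = PORT_OPS[tok]
            args = tokens[i:i + n]
            i += n
            uses_ports = True
            if len(args) < n or not all(a.isdigit() for a in args):
                problems.append(f"{tok}: expected {n} numeric port(s)")
                continue
            ports = [int(a) for a in args]
            if any(p > 65535 for p in ports):
                problems.append(f"{tok}: port above 65535")
            if tok == "range" and ports[0] >= ports[1]:
                problems.append("range: first port must be lower than last")
        elif tok in VALUE_LIMITS:
            val = tokens[i] if i < len(tokens) else ""
            i += 1
            if not val.isdigit() or int(val) > VALUE_LIMITS[tok]:
                problems.append(f"{tok}: value must be 0-{VALUE_LIMITS[tok]}")
        elif tok in NO_PORT_FILTER:
            flag_opts.append(tok)
    if uses_ports:
        problems += [f"{t}: not applicable with port filtering" for t in flag_opts]
    return problems
```

Tokens the checker does not recognise, such as mirror, copy-flow and dscp-cos-mapping, are skipped rather than reported.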