
Filtering packets based on dscp values, Marking the dscp value in a packet, Filtering packets based on routing header type – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


Multi-Service IronWare Security Configuration Guide


53-1003035-02

Configuring an IPv6 ACL


Filtering packets based on DSCP values

To filter packets based on DSCP values, enter commands such as the following.

Syntax: [no] ipv6 access-list name
deny | permit ipv6-source-prefix/prefix-length | any ipv6-destination-prefix/prefix-length | any [sequence number] dscp dscp-value

Enter a value from 0 - 63 for the dscp dscp-value parameter to filter packets based on their DSCP
value.

For more information on the syntax, refer to “ACL syntax”.

Marking the DSCP value in a packet

To mark a packet with a specific DSCP value, enter commands such as the following.

NOTE: DSCP marking is not supported on outbound ACLs.

Brocade(config)# ipv6 access-list dscp-markingv6
Brocade(config-ipv6-access-list dscp-markingv6)# permit ipv6 any any dscp 20 dscp-marking 10
Brocade(config-ipv6-access-list dscp-markingv6)# permit ipv6 any any

Syntax: [no] ipv6 access-list name
deny | permit ipv6-source-prefix/prefix-length | any ipv6-destination-prefix/prefix-length | any [sequence number] dscp dscp-value | dscp-marking dscp-value

Enter a value from 0 through 63 for the dscp-marking dscp-value parameter to mark the DSCP
value in the incoming packet with the value you specify.

For more information on the syntax, refer to “ACL syntax”.

Filtering packets based on routing header type

You can filter IPv6 packets based on their routing header type. This is of particular value when you
want to filter IPv6 source-routed packets to prevent DoS attacks. These packets are type 0.

To filter IPv6 packets based on the routing header type, enter commands such as the following.

Brocade(config)# ipv6 access-list drop-source-routed
Brocade(config-ipv6-access-list drop-source-routed)# deny ipv6 any any routing-header-type

Brocade(config)# ipv6 access-list netw
Brocade(config-ipv6-access-list netw)# deny ipv6 any any dscp 3
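
The packet fields that the dscp and routing-header-type matches above refer to, shown as an added Python example (not Brocade code and not part of the guide): DSCP is the upper six bits of the IPv6 Traffic Class, and the routing type is read from the Routing extension header (next-header value 43). The function names, the `acl_action` model and the sample packets are assumptions constructed for illustration.

```python
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS, NO_NEXT = 0, 43, 44, 60, 59

def classify(packet: bytes):
    """Return (dscp, routing_type or None) for a raw IPv6 packet."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    traffic_class = (struct.unpack("!I", packet[:4])[0] >> 20) & 0xFF
    dscp = traffic_class >> 2              # upper 6 bits; the low 2 bits are ECN
    next_header, offset = packet[6], 40
    # Walk only the headers this sketch understands; AH/ESP end the walk.
    while next_header in (HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS):
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        if next_header == ROUTING:
            return dscp, packet[offset + 2]          # Routing Type octet
        if next_header == FRAGMENT:
            if struct.unpack("!H", packet[offset + 2:offset + 4])[0] >> 3:
                break                                # non-first fragment: chain not visible
            length = 8
        else:
            length = (packet[offset + 1] + 1) * 8    # Hdr Ext Len is in 8-octet units
        next_header, offset = packet[offset], offset + length
    return dscp, None

def acl_action(packet, deny_routing_type=0, deny_dscp=None):
    """Hypothetical model of the two deny matches; everything else is permitted."""
    dscp, routing_type = classify(packet)
    if routing_type is not None and routing_type == deny_routing_type:
        return "deny"
    if deny_dscp is not None and dscp == deny_dscp:
        return "deny"
    return "permit"

def sample(dscp, routing_type=None):
    """Constructed packet ::1 -> ::1, optionally with hop-by-hop + routing headers."""
    addr, ext, first = bytes(15) + b"\x01", b"", NO_NEXT
    if routing_type is not None:
        hop = bytes([ROUTING, 0, 1, 4, 0, 0, 0, 0])           # PadN option fills the 8 octets
        ext = hop + bytes([NO_NEXT, 0, routing_type, 0]) + bytes(4)
        first = HOP_BY_HOP
    word = (6 << 28) | (dscp << 22)                           # version 6, DSCP in Traffic Class
    return struct.pack("!IHBB", word, len(ext), first, 64) + addr + addr + ext

if __name__ == "__main__":
    for pkt in (sample(20, 0), sample(0, 2), sample(3)):
        print(classify(pkt), acl_action(pkt, deny_dscp=3))
```

The walk has to skip the hop-by-hop header to reach the routing header, which is why a check of only the first Next Header value would miss the type 0 packet in the first sample.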