Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

200

Multi-Service IronWare Security Configuration Guide

53-1003035-02

Extended IPv6 ACLs

4

Syntax: [no] [sequence num] permit | deny [ vlan vlan-id] icmp

ipv6-source-prefix/prefix-length | any | host source-ipv6_address
ipv6-destination-prefix/prefix-length | any | host ipv6-destination-address
[ipv6-operator [value]]
[ [icmp-type][icmp-code] ] | [icmp-messge] | beyond-scope | destination-unreachable |
echo-reply | echo-request | header | hop-limit | mld-query | mld-reduction | mld-report |
nd-na | nd-ns | next-header | no-admin | no-route | packet-too-big | parameter-option |
parameter-problem | port-unreachable | reassembly-timeout | renum-command |
renum-result | renum-seq-number | router-advertisement | router-renumbering |
router-solicitation] | [copy-sflow] | | [drop-precedence dp-value] | [drop-precedence-force
dp-value] | [dscp-marking number] | [dscp dscp-value] | [mirror] | [priority-force number]

Syntax: regenerate-seq-num [num]

The icmp protocol indicates the you are filtering ICMP packets.

To specify an ICMP type, enter a value from 0 through 255 for the icmp-type parameter.

To specify an ICMP code, enter a value from 0 through 255 for the icmp-code parameter.

You can use these ICMP wild cards for IPv6 packet filtering.

•

destination-unreachable – Matches all unreachable type codes.

•

time-exceeded – Matches all timeout type codes.

•

router-renumbering – Matches all router renumbering type codes.

To specify an ICMP message, enter one of the following options:

•

beyond-scope

•

destination-unreachable

•

dscp-marking

•

dscp

•

echo-reply

•

echo-request

•

flow-label

•

fragments

•

header

•

hop-limit

•

mld-query

•

mld-reduction

•

mld-report

•

nd-na

•

nd-ns

•

next-header

•

no-admin

•

no-route

•

packet-too-big

•

parameter-option

•

parameter-problem