beautypg.com

Ipv6 receive access-list – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Page 246

background image

228

Multi-Service IronWare Security Configuration Guide

53-1003035-02

ipv6 receive access-list

4

ipv6 receive access-list

Configures an IPv6 access-control list as an IPv6 receive access-control list (rACL).

The no form of the basic command removes the rACL.

The no form of the command with the policy-map option specified removes both the policy-map
and the strict-acl option: the rACL remains.

The no form of the command with both policy-map and strict-acl options specified, removes the
strict-acl option: the rACL with policy-map remains and traffic matching “deny” clauses starts
passing to the CPU.

Syntax

ipv6 receive access-list acl-name sequence seq-num [policy-map policy-map-name [strict-acl]]

[no] ipv6 receive access-list acl-name sequence seq-num [policy-map policy-map-name [strict-acl]]

Command

Default

By default, traffic matching the “permit” clause in the specified IPv6 ACL is permitted and traffic
matching the “deny” clause in the IPv6 ACL is dropped in the hardware.

Parameters

acl-name

Specifies the name of the access-control list to apply to all interfaces within
the default VRF, for all CPU-bound traffic. The maximum length of the
access-control list name is 256 characters.

sequence seq-num Defines the sequence number of the access-control list being applied as a

rACL. IPv6 rACL commands are applied in the order of the lowest to the
highest sequence numbers. The range of values is from 1 through 50.

policy-map policy-map-name

Specifies the name of a policy map. When the policy-map option is specified,
traffic matching the “permit “clause of the specified IPv6 ACL is rate-limited
as defined in the policy map and IPv6 traffic matching the “deny” clause in
the IPv6 ACL is permitted without any rate limiting.

strict-acl

Specifies that traffic matching the “permit” clause of the specified IPv6 ACL is
rate-limited as defined in the policy map and IPv6 traffic matching the “deny”
clause in the IPv6 ACL is dropped in the hardware.

Command

Modes

Global configuration mode

Examples

The following example configures an IPv6 rACL to apply the ACL “b1” with a sequence number of
“15” to all interfaces within the default VRF, for all CPU-bound traffic.

Brocade(config)# ipv6 receive access-list b1 sequence 15

The following example configures an IPv6 rACL with a policy map “m1”. The rACL applies the ACL
“b1” with a sequence number of “15” to all interfaces within the default VRF, for all CPU-bound
traffic. Traffic matching the permit clause of the “b1” ACL is rate-limited as defined in in the policy
map ”m1” and traffic matching the “deny” clause in ”b1” ACL is permitted without any rate limiting.

Brocade(config)# ipv6 receive access-list b1 sequence 15 policy map m1

The following example removes the strict-acl option so that traffic matching “deny” clauses starts
passing to the CPU: the rACL with the policy map “m1” remains.

Brocade(config)# no ipv6 receive access-list b1 sequence 15 policy-map m1

strict-acl

See also other documents in the category Brocade Computer Accessories: