Allied Telesis AT-8100 Series User Manual

Chapter 99: ACL Commands

1622

ipaddress/mask: Matches packets that have a destination IPv6
address of a subnet or an end node in the X:X::X:X/mask
format. The mask is a decimal number that represents the
number of bits in the address, from left to right, that constitute
the network portion of the address. The IP address and the
mask are separated by a slash (/); for example, 2001:odb8::a2/
64.

host ipaddress: Matches packets with a destination IPv6
address and is an alternative to the IPADRESS/MASK variable
for addresses of specific end nodes. The HOST keyword
indicates that the address is of a specific end node and that no
mask is required.

time-range

Specifies the name of a time range that is created with the TIME-
RANGE command. You must create a time range before entering it
as a parameter value. See “TIME-RANGE” on page 1646.

vid

Indicates a VLAN identifier. Specify a VLAN if you want the ACL to
filter tagged packets. Omit a VLAN if you want the ACL to filter
untagged packets. Specify a value between 1 and 4094. You can
enter only one VID.

Mode

Configuration IPv6 ACL mode

Description

Use this command to define an ACL that identifies traffic flows based on
source and destination IPv6 addresses and protocol numbers which are
listed in Table 191 on page 1581.

Confirmation Commands

“SHOW ACCESS-LIST” on page 1641 and “SHOW INTERFACE
ACCESS-GROUP” on page 1643

Examples

This example creates a proto ACL, called “protocopytomirror,” that copies
RDP packets from source IPv6 address 2001:0db8::a2:1c50/64 to any
IPv6 destination address. Then the ACL is assigned to port 9:

awplus> enable
awplus# configure terminal
awplus(config)# ipv6 access-list protocopytomirror
awplus(config-ipv6-acl)# copy-to-mirror proto 27