Permit (ipv6) – Allied Telesis AT-S94 CLI (AT-8000S Series) User Manual

ACL Commands

Page 30

Default Configuration

No IPv6 access list is defined.

Command Mode

Global configuration

User Guidelines
•

An IPv6 ACL has a unique name. An IPv6 ACL, IPv4 ACL and MAC ACL cannot share the same name.

•

Every IPv6 ACL has implicit permit icmp any any nd-ns any, permit icmp any any nd-na any and deny

ipv6 any any statements as its last match conditions (The former two match conditions allow for ICMPv6
neighbor discovery).

•

The IPv6 neighbor discovery process makes use of the IPv6 network layer service; therefore, by default, IPv6

ACLs implicitly allow IPv6 neighbor discovery packets to be sent and received on an interface. In IPv4, the
Address Resolution Protocol (ARP), which is equivalent to the IPv6 neighbor discovery process, makes use
of a separate data link layer protocol; therefore, by default, IPv4 ACLs implicitly allow ARP packets to be sent
and received on an interface.

Example

The following example creates an IPv6 ACL.

permit (IPv6)

The permit IPv6 Access-list Configuration mode command sets conditions to allow a packet to pass a named
IPv6 Access List.

Syntax

permit {any | protocol} {any | source-prefix/length} {any | destination-prefix/length} [dscp number |
ip-precedence number] [time-range time-range-name]

permit-icmp {any | source-prefix/length} {any | destination-prefix/length} {any | icmp-type} {any | icmp-code}
[dscp number | ip-precedence number]

permit-tcp {any | source-prefix/length} {any | source-port} {any | destination-prefix/length} {any |
destination-port} [dscp number | ip-precedence number] [flags list-of-flags] [time-range time-range-name]

permit-udp {any | source-prefix/length} {any | source-port} {any | destination-prefix/length} {any |
destination-port} [dscp number | ip-precedence number] [time-range time-range-name]

Switch(config)# ipv6 access-list acl1

Switch(config-ipv6-acl)#