beautypg.com

Brocade Communications Systems Brocade ICX 6650 6650 User Manual

Page 154

background image

134

Brocade ICX 6650 Security Configuration Guide

53-1002601-01

Creating an IPv6 ACL

Table 18

lists the syntax elements.

TABLE 18

Syntax descriptions

IPv6 ACL arguments

Description

ipv6 access-list ACL-name

Enables the IPv6 configuration level and defines the name of the IPv6 ACL.
The ACL-name can contain up to 199 characters and numbers, but cannot
begin with a number and cannot contain any spaces or quotation marks.

permit

The ACL will permit (forward) packets that match a policy in the access list.

deny

The ACL will deny (drop) packets that match a policy in the access list.

icmp

Indicates the you are filtering ICMP packets.

protocol

The type of IPv6 packet you are filtering. You can specify a well-known name
for some protocols whose number is less than 255. For other protocols, you
must enter the number. Enter “?” instead of a protocol to list the well-known
names recognized by the CLI. IPv6 protocols include
AHP – Authentication Header
ESP – Encapsulating Security Payload
IPv6 – Internet Protocol version 6
SCTP – Stream Control Transmission Protocol

ipv6-source-prefix/prefix-length

The ipv6-source-prefix/prefix-length parameter specify a source prefix and
prefix length that a packet must match for the specified action (deny or
permit) to occur. You must specify the ipv6-source-prefix parameter in
hexadecimal using 16-bit values between colons as documented in RFC
2373. You must specify the prefix-length parameter as a decimal value. A
slash mark (/) must follow the ipv6-prefix parameter and precede the
prefix-length parameter.


ipv6-destination-prefix/prefix-lengt
h

The ipv6-destination-prefix/prefix-length parameter specify a destination
prefix and prefix length that a packet must match for the specified action
(deny or permit) to occur. You must specify the ipv6-destination-prefix
parameter in hexadecimal using 16-bit values between colons as
documented in RFC 2373. You must specify the prefix-length parameter as a
decimal value. A slash mark (/) must follow the ipv6-prefix parameter and
precede the prefix-length parameter

any

When specified instead of the ipv6-source-prefix/prefix-length or
ipv6-destination-prefix/prefix-length parameters, matches any IPv6 prefix
and is equivalent to the IPv6 prefix::/0.

host

Allows you specify a host IPv6 address. When you use this parameter, you do
not need to specify the prefix length. A prefix length of all128 is implied.

icmp-type

ICMP packets can be filtered by ICMP message type. The type is a number
from 0 to 255.

icmp code

ICMP packets, which are filtered by ICMP message type can also be filtered
by the ICMP message code. The code is a number from 0 to 255,

icmp-message

ICMP packets are filtered by ICMP messages. Refer to

“ICMP message

configurations”

on page 136 for a list of ICMP message types.

tcp

Indicates the you are filtering TCP packets.

udp

Indicates the you are filtering UDP packets.

See also other documents in the category Brocade Communications Systems Computer Accessories: