Table of Contents
Advertisement
IPv6 Extended ACLs
Command or Action
Step 3
ipv6 access-list access-list-name
Example:
Router(config)# ipv6 access-list outbound
Step 4
permit protocol
{source-ipv6-prefix/prefix-length | any | host
source-ipv6-address} [operator [port-number]]
{destination-ipv6-prefix/prefix-length | any |
host destination-ipv6-address} [operator
[port-number]] [dest-option-type [doh-number |
doh-type]] [dscp value] [flow-label value]
[fragments] [log] [log-input] [mobility]
[mobility-type [mh-number | mh-type]] [reflect
name [timeout value]] [routing] [routing-type
routing-number] [sequence value] [time-range
name]
or
deny protocol {source-ipv6-prefix/prefix-length
| any | host source-ipv6-address} [operator
[port-number]]
{destination-ipv6-prefix/prefix-length | any |
host destination-ipv6-address} [operator
[port-number]] [dest-option-type [doh-number |
doh-type]] [dscp value] [flow-label value]
[fragments] [log] [log-input] [mobility]
[mobility-type [mh-number | mh-type]]
[routing] [routing-type routing-number]
[sequence value] [time-range name]
[undetermined-transport]
Example:
Router(config-ipv6-acl)# permit tcp
2001:0DB8:0300:0201::/32 eq telnet any reflect
reflectout
Example:
Router(config-ipv6-acl)# deny tcp host
2001:0db8:1::1 any log-input
Applying the IPv6 ACL to an Interface
SUMMARY STEPS
1.
2.
3.
4.
Cisco 10000 Series Router Software Configuration Guide
24-6
enable
configure terminal
interface type number
ipv6 traffic-filter access-list-name {in | out}
Purpose
Defines an IPv6 ACL and enters IPv6 access list
configuration mode. The router prompt changes to
Router(config-ipv6-acl)#.
The access-list name argument specifies the name of
•
the IPv6 ACL. IPv6 ACL names cannot contain a space
or quotation mark, or begin with a numeral.
Specifies permit or deny conditions for an IPv6 ACL.
The protocol argument specifies the name or number of
•
an Internet protocol. It can be one of the keywords ahp,
esp, icmp, ipv6, pcp, sctp, tcp, or udp, or an integer in
the range from 0 to 255 representing an IPv6 protocol
number.
•
The source-ipv6-prefix/prefix-length and
destination-ipv6-prefix/prefix-length arguments
specify the source and destination IPv6 network or
class of networks about which to set permit conditions.
These arguments must be in the form documented in
Note
RFC 2373 where the address is specified in
hexadecimal using 16-bit values between colons.
The any keyword is an abbreviation for the IPv6 prefix
•
::/0.
The host source-ipv6-address keyword and argument
•
specify the source IPv6 host address about which to set
permit conditions.
•
The source-ipv6-address argument must be in the form
documented in RFC 2373 where the address is
specified in hexadecimal using 16-bit values between
colons.
For information on supported arguments and keywords, see
the permit and deny commands in the IPv6 for Cisco IOS
Command Reference document.
Chapter 24
Configuring IP Version 6
OL-2226-23
Advertisement
Table of Contents
Troubleshooting
