102 ServerIron ADX NAT64 Configuration Guide
53-1002444-02
Configuring IPv6 ACLs
6
DRAFT: BROCADE CONFIDENTIAL
The deny statement denies ICMP neighbor discovery acknowledgement.
IPv6 ACL syntax
When creating IPv6 ACLs, you must use the syntax that is appropriate to the protocol you are
filtering. The following sections show the IPv6 ACL syntax for the ICMP, TCP, UDP, and other
supported protocols.
ICMP syntax
Syntax: [no] ipv6 access-list <acl-name>
Syntax: permit | deny icmp <ipv6-source-prefix/prefix-length> | any | host
<source-ipv6_address>
<ipv6-destination-prefix/prefix-length> | any | host <ipv6-destination-address>
[ipv6-operator [<value>]]
[ [<icmp-type>][<icmp-code>] ] | [<icmp-message>] [log]
TCP syntax
Syntax: [no] ipv6 access-list <acl-name>
Syntax: permit | deny tcp
<ipv6-source-prefix/prefix-length> | any | host <source-ipv6_address> [tcp-udp-operator
<source-port-number>]
<ipv6-destination-prefix/prefix-length> | any | host <ipv6-destination-address>
[tcp-udp-operator <destination-port-number>]
[ipv6-operator [<value>]] [log]
UDP syntax
Syntax: [no] ipv6 access-list <acl-name>
Syntax: permit | deny udp
<ipv6-source-prefix/prefix-length> | any | host <source-ipv6_address> [tcp-udp-operator
<source-port-number>]
<ipv6-destination-prefix/prefix-length> | any | host <ipv6-destination-address>
[tcp-udp-operator <destination-port-number>]
[ipv6-operator [<value>]] [log]
IPv6 and supported protocols other than ICMP, TCP, or UDP
Syntax: [no] ipv6 access-list <acl-name>
Syntax: permit | deny <protocol>
<ipv6-source-prefix/prefix-length> | any | host <source-ipv6_address>
<ipv6-destination-prefix/prefix-length> | any | host <ipv6-destination-address>
[ipv6-operator [<value>]] [log]
Comments to this Manuals