Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide
Chapter 35 Configuring IPv6 ACLs
Configuring IPv6 ACLs
Step 3b
{deny | permit} tcp
{source-ipv6-prefix/prefix-length |
any | host source-ipv6-address}
[operator [port-number]]
prefix/prefix-length | any | host
[operator [port-number]] [ack]
[dscp value] [established] [fin]
[log] [log-input] [neq {port |
protocol}] [psh] [range {port |
protocol}] [rst] [routing]
[sequence value] [syn]
[time-range name] [urg]
(Optional) Define a TCP access list and the access conditions.
Enter tcp for Transmission Control Protocol. The parameters are the same as
those described in Step 3a, with these additional optional parameters:
• ack—Acknowledgment bit set.
• established—An established connection. A match occurs if the TCP
datagram has the ACK or RST bits set.
• fin—Finished bit set; no more data from sender.
• neq {port | protocol}—Matches only packets that are not on a given port
• psh—Push function bit set.
• range {port | protocol}—Matches only packets in the port number range.
• rst—Reset bit set.
• syn—Synchronize bit set.
• urg—Urgent pointer bit set.
Step 3c
{deny | permit} udp
{source-ipv6-prefix/prefix-length |
any | host source-ipv6-address}
[operator [port-number]]
length | any | host
[operator [port-number]] [dscp
value] [log] [log-input] [neq {port
| protocol}] [range {port |
protocol}] [routing] [sequence
value] [time-range name]
(Optional) Define a UDP access list and the access conditions.
Enter udp for the User Datagram Protocol. The UDP parameters are the same
as those described for TCP, but the [operator [port]] port number or name must
be a UDP port number or name, and the established parameter is not valid for
Step 3d
{deny | permit} icmp
{source-ipv6-prefix/prefix-length |
any | host source-ipv6-address}
[operator [port-number]]
length | any | host
[operator [port-number]]
[icmp-type [icmp-code] |
icmp-message] [dscp value] [log]
[log-input] [routing] [sequence
value] [time-range name]
(Optional) Define an ICMP access list and the access conditions.
Enter icmp for Internet Control Message Protocol. The ICMP parameters are
the same as those described for most IP protocols in Step 3a, with the addition
of the ICMP message type and code parameters. These optional keywords have
these meanings:
• icmp-type—Filter by ICMP message type. The range is from 0 to 255, .
• icmp-code—Filter ICMP packets that are filtered by the ICMP message
code type. The range is from 0 to 255.
• icmp-message—Enter to filter ICMP packets by the ICMP message type
name or the ICMP message type and code name. To see a list of ICMP
message type names and code names, use the ? key or see command
reference for this release.
Step 4
end Return to privileged EXEC mode.
Step 5
show ipv6 access-list Verify the access list configuration.
Step 6
copy running-config
(Optional) Save your entries in the configuration file.
Command Purpose