Online demo
Contact us
11.8. FLEX ACLv6 Commands
11.8.1. sequence-num
Command Purpose
Use this command to remove a filter from IPv6 ACL.
Command Syntax
no sequence-num SEQUENCE_NUM
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
SEQUENCE_NUM |
The sequence number of a IPv6 filter |
The range is 1 to 131071 |
Command Mode
FLEX IPv6 ACL Configuration
Default
None
Usage
None
Examples
This example shows how to remove a filter with the sequence-num 10 from IPv6 ACL:
Switch# configure terminal
Switch(config)# ipv6 access-list list_ipv6_1
Switch(config-ipv6-acl)# no sequence-num 10
11.8.2. remark
Command Purpose
Use this command to add remarks for the IPv6 ACL.
To remove remarks of the IPv6 ACL, use the no form of this command.
Command Syntax
remark REMARK
no remark
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
REMARK |
The remarks of the IPv6 ACL |
String with up to 100 characters |
Command Mode
FLEX IPv6 ACL Configuration
Default
None
Usage
The remarks are up to 100 characters. The exceed parts will not be stored and will be truncated.
Examples
This example shows how to add a remark to describe the IPv6 ACL:
Switch# configure terminal
Switch(config)# ipv6 access-list list_ipv6_1
Switch(config-ipv6-acl)# remark remark of List for ipv6
This example shows how to remove the remark of the IPv6 ACL:
Switch# configure terminal
Switch(config)# ipv6 access-list list_ipv6_1
Switch(config-ipv6-acl)# no remark
Related Commands
ipv6 access-list
11.8.3. deny
Command Purpose
Use this command to discard ongoing IPv6 packets matching the IPv6 filter.
Command Syntax
( SEQUENCE_NUM | ) deny ( PROTO_NUM | any ) ( SRC_IPV6 SRC_IPV6_MASK | any | host SRC_IPV6 ) ( DST_IPV6 DST_IPV6_MASK | any | host DST_IPV6 ) ( routed-packet | ) ( packet-length OPERATOR LENGTH | ) ( time-range TIME-RANGE-NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
SEQUENCE_NUM |
The sequence number of the filter in IPv6 ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented. |
1-131071 |
PROTO_NUM |
An IPv6 protocol number |
0-255 |
any |
Any IPv6 protocol |
- |
SRC_IPV6 SRC_IPV6_MASK |
The source IPv6 prefix address |
IPv6 Address and mask length |
host SRC_IPV6 |
The source IPv6 address of a host |
IPv6 Address |
DST_IPV6 DST_IPV6_MASK |
The destination IPv6 prefix address |
IPv6 Address and mask length |
host DST_IPV6 |
The destination IPv6 address of a host |
IPv6 Address |
routed-packet |
Match routed packet |
- |
TIME-RANGE-NAME |
The time-range used by the IPv6 filter |
A string with up to 40 characters |
OPERATOR |
Packet length,operator including eq (equal to), lt (less than), gt (greater than), and range |
eq (equal to), lt (less than), gt (greater than), and range |
LENGTH |
The length value |
64-16382 |
Command Mode
FLEX IPv6 ACL Configuration
Default
None
Usage
An auto-generated sequence number will be assigned to the filter if the sequence-num field is not presented. The auto-generated sequence number is incremented by 10 on the maximum existing sequence number in the IPv6 ACL. For example, when the maximum existing sequence number is 100, the sequence number of subsequent created IPv6 filter is 110.
Examples
This example shows how to create a filter in IPv6 ACL to deny any IPv6 packets:
Switch# configure terminal
Switch(config)# ipv6 access-list list_ipv6_1
Switch(config-ipv6-acl)# 1 deny any any any
This example shows how to create a filter in IPv6 ACL to deny any routed packets:
Switch# configure terminal
Switch(config)# ipv6 access-list list_ipv6_1
Switch(config-ipv6-acl)# 2 deny any any any routed-packet
Related Commands
no sequence-num
11.8.4. deny tcp
Command Purpose
Use this command to reject TCP packets matching the IPv6 filter.
Command Syntax
( SEQUENCE_NUM | ) deny tcp ( SRC_IPV6 SRC_IPV6_MASK | any | host SRC_IPV6 ) ( src-port OPERATOR SRC_PORT | ) ( DST_IPV6 DST_IPV6_MASK | any | host DST_IPV6 ) ( dst-port OPERATOR DST_PORT | ) ( routed-packet | ) ( packet-length OPERATOR LENGTH | ) ( time-range TIME-RANGE-NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
SEQUENCE_NUM |
The sequence number of the filter in IPv6 ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented. |
1-131071 |
SRC_IPV6 SRC_IPV6_MASK |
The source IPv6 prefix address |
IPv6 Address and mask length |
any |
Any destination host |
- |
host SRC_IPV6 |
The source IPv6 address of a host |
IPv6 Address |
OPERATOR SRC_PORT |
Source port operator and value |
Source port, the range is 0-65535. Operator including eq (equal to), lt (less than), gt (greater than), neq (not equal to) and range |
DST_IPV6 DST_IPV6_MASK |
The destination IPv6 prefix address |
IPv6 Address and mask length |
host DST_IPV6 |
The destination IPv6 address of a host |
IPv6 Address |
OPERATOR DST_PORT |
Destination port operator and value |
Destination port, the range is 0-65535. Operator including eq (equal to), lt (less than), gt (greater than), neq (not equal to) and range |
routed-packet |
Match routed packet |
- |
TIME-RANGE-NAME |
The time-range used by the IPv6 filter |
A string with up to 40 characters |
OPERATOR |
Packet length,operator including eq (equal to), lt (less than), gt (greater than), and range |
eq (equal to), lt (less than), gt (greater than), and range |
LENGTH |
The length value |
64-16382 |
Command Mode
FLEX IPv6 ACL Configuration
Default
None
Usage
None
Examples
This example shows how to create a filter in IPv6 ACL to deny any TCP packets:
Switch# configure terminal
Switch(config)# ipv6 access-list list_ipv6_1
Switch(config-ipv6-acl)# 1 deny tcp any any
This example shows how to create a filter in IPv6 ACL to deny the TCP packets with the source IPv6 address 2001::2020, source port 8080:
Switch# configure terminal
Switch(config)# ipv6 access-list list_ipv6_1
Switch(config-ipv6-acl)# 2 deny tcp host 2001::2020 src-port eq 8080 any
Related Commands
no sequence-num
11.8.5. deny udp
Command Purpose
Use this command to reject UDP packets matching the IPv6 filter.
Command Syntax
( SEQUENCE_NUM | ) deny udp ( SRC_IPV6 SRC_IPV6_MASK | any | host SRC_IPV6 ) ( src-port OPERATOR SRC_PORT | ) ( DST_IPV6 DST_IPV6_MASK | any | host DST_IPV6 ) ( dst-port OPERATOR DST_PORT | ) ( routed-packet | ) ( packet-length OPERATOR LENGTH | ) ( time-range TIME-RANGE-NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
SEQUENCE_NUM |
The sequence number of the filter in IPv6 ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented. |
1-131071 |
SRC_IPV6 SRC_IPV6_MASK |
The source IPv6 prefix address |
IPv6 Address and mask length |
any |
Any destination host |
- |
host SRC_IPV6 |
The source IPv6 address of a host |
IPv6 Address |
OPERATOR SRC_PORT |
Source port operator and value |
Source port, the range is 0-65535. Operator including eq (equal to), lt (less than), gt (greater than), neq (not equal to) and range |
DST_IPV6 DST_IPV6_MASK |
The destination IPv6 prefix address |
IPv6 Address and mask length |
host DST_IPV6 |
The destination IPv6 address of a host |
IPv6 Address |
OPERATOR DST_PORT |
Destination port operator and value |
Destination port, the range is 0-65535. Operator including eq (equal to), lt (less than), gt (greater than), neq (not equal to) and range |
routed-packet |
Match routed packet |
- |
TIME-RANGE-NAME |
The time-range used by the IPv6 filter |
A string with up to 40 characters |
OPERATOR |
Packet length,operator including eq (equal to), lt (less than), gt (greater than), and range |
eq (equal to), lt (less than), gt (greater than), and range |
LENGTH |
The length value |
64-16382 |
Command Mode
FLEX IPv6 ACL Configuration
Default
None
Usage
None
Examples
This example shows how to create a filter in IPv6 ACL to deny any UDP packets:
Switch# configure terminal
Switch(config)# ipv6 access-list list_ipv6_1
Switch(config-ipv6-acl)# 1 deny udp any any
This example shows how to create a filter in IPv6 ACL to deny the UDP packets with the source IPv6 address 2001::2020, source port 8080:
Switch# configure terminal
Switch(config)# ipv6 access-list list_ipv6_1
Switch(config-ipv6-acl)# 2 deny udp host 2001::2020 src-port eq 8080 any
Related Commands
no sequence-num
11.8.6. deny icmp
Command Purpose
Use this command to reject ICMP packets matching the IPv6 filter.
Command Syntax
( SEQUENCE_NUM | ) deny icmp ( SRC_IPV6 SRC_IPV6_MASK | any | host SRC_IPV6 ) ( DST_IPV6 DST_IPV6_MASK | any | host DST_IPV6 ) ( icmp-type TYPE-NUM ( icmp-code CODE-NUM | ) | ) ( routed-packet | ) ( packet-length OPERATOR LENGTH | ) ( time-range TIME-RANGE-NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
TYPE-NUM |
ICMP message type |
0-255 |
CODE-NUM |
ICMP message code |
0-255 |
SEQUENCE_NUM |
The sequence number of the filter in IPv6 ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented. |
1-131071 |
SRC_IPV6 SRC_IPV6_MASK |
The source IPv6 prefix address |
IPv6 Address and mask length |
any |
Any source host |
- |
host SRC_IPV6 |
The source IPv6 address of a host |
IPv6 Address |
DST_IPV6 DST_IPV6_MASK |
The destination IPv6 prefix address |
IPv6 Address and mask length |
host DST_IPV6 |
The destination IPv6 address of a host |
IPv6 Address |
routed-packet |
Match routed packet |
- |
TIME-RANGE-NAME |
The time-range used by the IPv6 filter |
A string with up to 40 characters |
OPERATOR |
Packet length,operator including eq (equal to), lt (less than), gt (greater than), and range |
eq (equal to), lt (less than), gt (greater than), and range |
LENGTH |
The length value |
64-16382 |
Command Mode
FLEX IPv6 ACL Configuration
Default
None
Usage
None
Examples
This example shows how to create a filter in IPv6 ACL to deny any ICMP packets:
Switch# configure terminal
Switch(config)# ipv6 access-list list_ipv6_1
Switch(config-ipv6-acl)# 1 deny icmp any any
This example shows how to create a filter in IPv6 ACL to deny the ICMP packets with the icmp-type 3 and icmp-code 3:
Switch# configure terminal
Switch(config)# ipv6 access-list list_ipv6_1
Switch(config-ipv6-acl)# 2 deny icmp any any icmp-type 3 icmp-code 3
Related Commands
no sequence-num
11.8.7. deny gre
Command Purpose
Use this command to reject GRE packets matching the IPv6 filter.
Command Syntax
( SEQUENCE_NUM | ) deny gre ( SRC_IPV6 SRC_IPV6_MASK | any | host SRC_IPV6 ) ( DST_IPV6 DST_IPV6_MASK | any | host DST_IPV6 ) ( flow-label FLOW-LABEL-VALUE | ) ( key KEY mask KEY-MASK ) ( dscp DSCP | ) ( ecn <0-3> | ) ( non-fragment | first-fragment | non-or-first-fragment | small-fragment | non-first-fragment | ) ( routed-packet | ) ( options | ) ( packet-length OPERATOR LENGTH | ) ( time-range TIME-RANGE-NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
FLOW-LABEL-VALUE |
Flow label |
0-1048575 |
KEY |
GRE key |
0-4294967295 |
KEY-MASK |
GRE key mask |
0-0xFFFFFFFF |
SEQUENCE_NUM |
The sequence number of the filter in IPv6 ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented. |
1-131071 |
SRC_IPV6 SRC_IPV6_MASK |
The source IPv6 prefix address |
IPv6 Address and mask length |
any |
Any source host |
- |
host SRC_IPV6 |
The source IPv6 address of a host |
IPv6 Address |
DST_IPV6 DST_IPV6_MASK |
The destination IPv6 prefix address |
IPv6 Address and mask length |
host DST_IPV6 |
The destination IPv6 address of a host |
IPv6 Address |
routed-packet |
Match routed packet |
- |
TIME-RANGE-NAME |
The time-range used by the IPv6 filter |
A string with up to 40 characters |
OPERATOR |
Packet length,operator including eq (equal to), lt (less than), gt (greater than), and range |
eq (equal to), lt (less than), gt (greater than), and range |
LENGTH |
The length value |
64-16382 |
ECN |
ecn value |
0-3 |
Command Mode
FLEX IPv6 ACL Configuration
Default
None
Usage
None
Examples
Switch# configure terminal
Switch(config)# ipv6 access-list list_ipv6_1
Switch(config-ipv6-acl)# 1 deny gre any any key 0 mask 0
Switch# configure terminal
Switch(config)# ipv6 access-list list_ipv6_1
Switch(config-ipv6-acl)# 2 deny gre host 2000::1 any key 10 mask 0xffffffff
Related Commands
no sequence-num
11.8.8. deny nvgre
Command Purpose
Use this command to reject NVGRE packets matching the IPv6 filter.
Command Syntax
( SEQUENCE_NUM | ) deny nvgre ( SRC_IPV6 SRC_IPV6_MASK | any | host SRC_IPV6 ) ( DST_IPV6 DST_IPV6_MASK | any | host DST_IPV6 ) ( flow-label FLOW-LABEL-VALUE | ) ( vsid VSID mask VSID-MASK ) ( dscp DSCP | ) ( ecn <0-3> | ) ( non-fragment | first-fragment | non-or-first-fragment | small-fragment | non-first-fragment | ) ( routed-packet | ) ( options | ) ( packet-length OPERATOR LENGTH | ) ( time-range TIME-RANGE-NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
FLOW-LABEL-VALUE |
Flow label |
0-1048575 |
VSID |
NVGRE VSID |
0-16777215 |
VSID-MASK |
NVGRE VSID MASK |
0-0xFFFFFF |
SEQUENCE_NUM |
The sequence number of the filter in IPv6 ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented. |
1-131071 |
SRC_IPV6 SRC_IPV6_MASK |
The source IPv6 prefix address |
IPv6 Address and mask length |
any |
Any source host |
- |
host SRC_IPV6 |
The source IPv6 address of a host |
IPv6 Address |
DST_IPV6 DST_IPV6_MASK |
The destination IPv6 prefix address |
IPv6 Address and mask length |
host DST_IPV6 |
The destination IPv6 address of a host |
IPv6 Address |
routed-packet |
Match routed packet |
- |
TIME-RANGE-NAME |
The time-range used by the IPv6 filter |
A string with up to 40 characters |
OPERATOR |
Packet length,operator including eq (equal to), lt (less than), gt (greater than), and range |
eq (equal to), lt (less than), gt (greater than), and range |
LENGTH |
The length value |
64-16382 |
ECN |
ecn value |
0-3 |
Command Mode
FLEX IPv6 ACL Configuration
Default
None
Usage
None
Examples
Switch# configure terminal
Switch(config)# ipv6 access-list list_ipv6_1
Switch(config-ipv6-acl)# 1 deny nvgre any any vsid 0 mask 0
Switch# configure terminal
Switch(config)# ipv6 access-list list_ipv6_1
Switch(config-ipv6-acl)# 2 deny gre host 2000::1 any vsid 10 mask 0xffffff
Related Commands
no sequence-num
11.8.9. permit
Command Purpose
Use this command to permit ongoing IPv6 packets matching the IPv6 filter.
Command Syntax
( SEQUENCE_NUM | ) permit ( PROTO_NUM | any ) ( SRC_IPV6 SRC_IPV6_MASK | any | host SRC_IPV6 ) ( DST_IPV6 DST_IPV6_MASK | any | host DST_IPV6 ) ( routed-packet | ) ( packet-length OPERATOR LENGTH | ) ( time-range TIME-RANGE-NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
SEQUENCE_NUM |
The sequence number of the filter in IPv6 ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented. |
1-131071 |
PROTO_NUM |
An IPv6 protocol number |
0-255 |
any |
Any IPv6 protocol |
- |
SRC_IPV6 SRC_IPV6_MASK |
The source IPv6 prefix address |
IPv6 Address and mask length |
host SRC_IPV6 |
The source IPv6 address of a host |
IPv6 Address |
DST_IPV6 DST_IPV6_MASK |
The destination IPv6 prefix address |
IPv6 Address and mask length |
host DST_IPV6 |
The destination IPv6 address of a host |
IPv6 Address |
routed-packet |
Match routed packet |
- |
TIME-RANGE-NAME |
The time-range used by the IPv6 filter |
A string with up to 40 characters |
OPERATOR LENGTH |
Packet length,operator including eq (equal to), lt (less than), gt (greater than), and range |
eq (equal to), lt (less than), gt (greater than), and range |
LENGTH |
The length value |
64-16382 |
Command Mode
FLEX IPv6 ACL Configuration
Default
None
Usage
An auto-generated sequence number will be assigned to the filter if the sequence-num field is not presented. The auto-generated sequence number is incremented by 10 on the maximum existing sequence number in the IPv6 ACL. For example, when the maximum existing sequence number is 100, the sequence number of subsequent created IPv6 filter is 110.
Examples
This example shows how to create a filter in IPv6 ACL to permit any IPv6 packets:
Switch# configure terminal
Switch(config)# ipv6 access-list list_ipv6_1
Switch(config-ipv6-acl)# 1 permit any any any
This example shows how to create a filter in IPv6 ACL to permit any routed packets:
Switch# configure terminal
Switch(config)# ipv6 access-list list_ipv6_1
Switch(config-ipv6-acl)# 2 permit any any any routed-packet
Related Commands
no sequence-num
11.8.10. permit tcp
Command Purpose
Use this command to permitTCP packets matching the IPv6 filter.
Command Syntax
( SEQUENCE_NUM | ) permit tcp ( SRC_IPV6 SRC_IPV6_MASK | any | host SRC_IPV6 ) ( src-port OPERATOR SRC_PORT | ) ( DST_IPV6 DST_IPV6_MASK | any | host DST_IPV6 ) ( dst-port OPERATOR DST_PORT | ) ( routed-packet | ) ( packet-length OPERATOR LENGTH | ) ( time-range TIME-RANGE-NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
SEQUENCE_NUM |
The sequence number of the filter in IPv6 ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented. |
1-131071 |
SRC_IPV6 SRC_IPV6_MASK |
The source IPv6 prefix address |
IPv6 Address and mask length |
any |
Any destination host |
- |
host SRC_IPV6 |
The source IPv6 address of a host |
IPv6 Address |
OPERATOR SRC_PORT |
Source port operator and value |
Source port, the range is 0-65535. Operator including eq (equal to), lt (less than), gt (greater than), neq (not equal to) and range |
DST_IPV6 DST_IPV6_MASK |
The destination IPv6 prefix address |
IPv6 Address and mask length |
host DST_IPV6 |
The destination IPv6 address of a host |
IPv6 Address |
OPERATOR DST_PORT |
Destination port operator and value |
Destination port, the range is 0-65535. Operator including eq (equal to), lt (less than), gt (greater than), neq (not equal to) and range |
routed-packet |
Match routed packet |
- |
TIME-RANGE-NAME |
The time-range used by the IPv6 filter |
A string with up to 40 characters |
OPERATOR |
Packet length,operator including eq (equal to), lt (less than), gt (greater than), and range |
eq (equal to), lt (less than), gt (greater than), and range |
LENGTH |
The length value |
64-16382 |
Command Mode
FLEX IPv6 ACL Configuration
Default
None
Usage
None
Examples
This example shows how to create a filter in IPv6 ACL to permit any TCP packets:
Switch# configure terminal
Switch(config)# ipv6 access-list list_ipv6_1
Switch(config-ipv6-acl)# 1 permit tcp any any
This example shows how to create a filter in IPv6 ACL to permit the TCP packets with the source IPv6 address 2001::2020, source port 8080:
Switch# configure terminal
Switch(config)# ipv6 access-list list_ipv6_1
Switch(config-ipv6-acl)# 2 permit tcp host 2001::2020 src-port eq 8080 any
Related Commands
no sequence-num
11.8.11. permit udp
Command Purpose
Use this command to permit UDP packets matching the IPv6 filter.
Command Syntax
( SEQUENCE_NUM | ) permit udp ( SRC_IPV6 SRC_IPV6_MASK | any | host SRC_IPV6 ) ( src-port OPERATOR SRC_PORT | ) ( DST_IPV6 DST_IPV6_MASK | any | host DST_IPV6 ) ( dst-port OPERATOR DST_PORT | ) ( routed-packet | ) ( packet-length OPERATOR LENGTH | ) ( time-range TIME-RANGE-NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
SEQUENCE_NUM |
The sequence number of the filter in IPv6 ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented. |
1-131071 |
SRC_IPV6 SRC_IPV6_MASK |
The source IPv6 prefix address |
IPv6 Address and mask length |
any |
Any destination host |
- |
host SRC_IPV6 |
The source IPv6 address of a host |
IPv6 Address |
OPERATOR SRC_PORT |
Source port operator and value |
Source port, the range is 0-65535. Operator including eq (equal to), lt (less than), gt (greater than), neq (not equal to) and range |
DST_IPV6 DST_IPV6_MASK |
The destination IPv6 prefix address |
IPv6 Address and mask length |
host DST_IPV6 |
The destination IPv6 address of a host |
IPv6 Address |
OPERATOR DST_PORT |
Destination port operator and value |
Destination port, the range is 0-65535. Operator including eq (equal to), lt (less than), gt (greater than), neq (not equal to) and range |
routed-packet |
Match routed packet |
- |
TIME-RANGE-NAME |
The time-range used by the IPv6 filter |
A string with up to 40 characters |
OPERATOR |
Packet length,operator including eq (equal to), lt (less than), gt (greater than), and range |
eq (equal to), lt (less than), gt (greater than), and range |
LENGTH |
The length value |
64-16382 |
Command Mode
FLEX IPv6 ACL Configuration
Default
None
Usage
None
Examples
This example shows how to create a filter in IPv6 ACL to permit any UDP packets:
Switch# configure terminal
Switch(config)# ipv6 access-list list_ipv6_1
Switch(config-ipv6-acl)# 1 permit udp any any
This example shows how to create a filter in IPv6 ACL to permit the UDP packets with the source IPv6 address 2001::2020, source port 8080:
Switch# configure terminal
Switch(config)# ipv6 access-list list_ipv6_1
Switch(config-ipv6-acl)# 2 permit udp host 2001::2020 src-port eq 8080 any
Related Commands
no sequence-num
11.8.12. permit icmp
Command Purpose
Use this command to reject ICMP packets matching the IPv6 filter.
Command Syntax
( SEQUENCE_NUM | ) permit icmp ( SRC_IPV6 SRC_IPV6_MASK | any | host SRC_IPV6 ) ( DST_IPV6 DST_IPV6_MASK | any | host DST_IPV6 ) ( icmp-type TYPE-NUM ( icmp-code CODE-NUM | ) | ) ( routed-packet | ) ( packet-length OPERATOR LENGTH | ) ( time-range TIME-RANGE-NAME | )
Please see above under ‘permit’ for further details.
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
icmp-type TYPE-NUM |
ICMP message type |
0-255 |
icmp-code CODE-NUM |
ICMP message code |
0-255 |
SEQUENCE_NUM |
The sequence number of the filter in IPv6 ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented. |
1-131071 |
SRC_IPV6 SRC_IPV6_MASK |
The source IPv6 prefix address |
IPv6 Address and mask length |
any |
Any source host |
- |
host SRC_IPV6 |
The source IPv6 address of a host |
IPv6 Address |
DST_IPV6 DST_IPV6_MASK |
The destination IPv6 prefix address |
IPv6 Address and mask length |
host DST_IPV6 |
The destination IPv6 address of a host |
IPv6 Address |
routed-packet |
Match routed packet |
- |
TIME-RANGE-NAME |
The time-range used by the IPv6 filter |
A string with up to 40 characters |
OPERATOR |
Packet length,operator including eq (equal to), lt (less than), gt (greater than), and range |
eq (equal to), lt (less than), gt (greater than), and range |
LENGTH |
The length value |
64-16382 |
Command Mode
FLEX IPv6 ACL Configuration
Default
None
Usage
None
Examples
This example shows how to create a filter in IPv6 ACL to permit any ICMP packets:
Switch# configure terminal
Switch(config)# ipv6 access-list list_ipv6_1
Switch(config-ipv6-acl)# 1 permit icmp any any
This example shows how to create a filter in IPv6 ACL to permit the ICMP packets with the icmp-type 3 and icmp-code 3:
Switch# configure terminal
Switch(config)# ipv6 access-list list_ipv6_1
Switch(config-ipv6-acl)# 2 permit icmp any any icmp-type 3 icmp-code 3
Related Commands
no sequence-num
11.8.13. permit gre
Command Purpose
Use this command to permit GRE packets matching the IPv6 filter.
Command Syntax
( SEQUENCE_NUM | ) permit gre ( SRC_IPV6 SRC_IPV6_MASK | any | host SRC_IPV6 ) ( DST_IPV6 DST_IPV6_MASK | any | host DST_IPV6 ) ( flow-label FLOW-LABEL-VALUE | ) ( key KEY mask KEY-MASK ) ( dscp DSCP | ) ( ecn <0-3> | ) ( non-fragment | first-fragment | non-or-first-fragment | small-fragment | non-first-fragment | ) ( routed-packet | ) ( options | ) ( packet-length OPERATOR LENGTH | ) ( time-range TIME-RANGE-NAME | )
For descriptions of other parameters, please refer to the “deny nvgre” section above.
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
FLOW-LABEL-VALUE |
Flow label |
0-1048575 |
KEY |
GRE key |
0-4294967295 |
KEY-MASK |
GRE key mask |
0-0xFFFFFFFF |
SEQUENCE_NUM |
The sequence number of the filter in IPv6 ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented. |
1-131071 |
SRC_IPV6 SRC_IPV6_MASK |
The source IPv6 prefix address |
IPv6 Address and mask length |
any |
Any source host |
- |
host SRC_IPV6 |
The source IPv6 address of a host |
IPv6 Address |
DST_IPV6 DST_IPV6_MASK |
The destination IPv6 prefix address |
IPv6 Address and mask length |
host DST_IPV6 |
The destination IPv6 address of a host |
IPv6 Address |
routed-packet |
Match routed packet |
- |
TIME-RANGE-NAME |
The time-range used by the IPv6 filter |
A string with up to 40 characters |
OPERATOR |
Packet length,operator including eq (equal to), lt (less than), gt (greater than), and range |
eq (equal to), lt (less than), gt (greater than), and range |
LENGTH |
The length value |
64-16382 |
ECN |
ecn value |
0-3 |
Command Mode
FLEX IPv6 ACL Configuration
Default
None
Usage
None
Examples
Switch# configure terminal
Switch(config)# ipv6 access-list list_ipv6_1
Switch(config-ipv6-acl)# 1 permit gre any any key 0 mask 0
Switch# configure terminal
Switch(config)# ipv6 access-list list_ipv6_1
Switch(config-ipv6-acl)# 2 permit gre host 2000::1 any key 10 mask 0xffffffff
Related Commands
no sequence-num
11.8.14. permit nvgre
Command Purpose
Use this command to permit NVGRE packets matching the IPv6 filter.
Command Syntax
( SEQUENCE_NUM | ) permit nvgre ( SRC_IPV6 SRC_IPV6_MASK | any | host SRC_IPV6 ) ( DST_IPV6 DST_IPV6_MASK | any | host DST_IPV6 ) ( flow-label FLOW-LABEL-VALUE | ) ( vsid VSID mask VSID-MASK ) ( dscp DSCP | ) ( ecn <0-3> | ) ( non-fragment | first-fragment | non-or-first-fragment | small-fragment | non-first-fragment | ) ( routed-packet | ) ( options | ) ( packet-length OPERATOR LENGTH | ) ( time-range TIME-RANGE-NAME | )
For descriptions of other parameters, please refer to the “deny nvgre” section above.
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
FLOW-LABEL-VALUE |
Flow label |
0-1048575 |
VSID |
NVGRE VSID |
0-16777215 |
VSID-MASK |
NVGRE VSID MASK |
0-0xFFFFFF |
SEQUENCE_NUM |
The sequence number of the filter in IPv6 ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented. |
1-131071 |
SRC_IPV6 SRC_IPV6_MASK |
The source IPv6 prefix address |
IPv6 Address and mask length |
any |
Any source host |
- |
host SRC_IPV6 |
The source IPv6 address of a host |
IPv6 Address |
DST_IPV6 DST_IPV6_MASK |
The destination IPv6 prefix address |
IPv6 Address and mask length |
host DST_IPV6 |
The destination IPv6 address of a host |
IPv6 Address |
routed-packet |
Match routed packet |
- |
TIME-RANGE-NAME |
The time-range used by the IPv6 filter |
A string with up to 40 characters |
OPERATOR |
Packet length,operator including eq (equal to), lt (less than), gt (greater than), and range |
eq (equal to), lt (less than), gt (greater than), and range |
LENGTH |
The length value |
64-16382 |
ECN |
ecn value |
0-3 |
Command Mode
FLEX IPv6 ACL Configuration
Default
None
Usage
None
Examples
Switch# configure terminal
Switch(config)# ipv6 access-list list_ipv6_1
Switch(config-ipv6-acl)# 1 permit nvgre any any vsid 0 mask 0
Switch# configure terminal
Switch(config)# ipv6 access-list list_ipv6_1
Switch(config-ipv6-acl)# 2 permit nvgre host 2000::1 any vsid 10 mask 0xffffff
Related Commands
no sequence-num