ipv6 access-list

This command adds an access list entry.

Syntax

# ipv6 access-list resequence <ipv6 access-list name> <starting rule number> <step size>
 
# ipv6 access-list extended <extended IPv6 access-list number>
 
# ipv6 access-list <access-list ID> {deny|permit} <protocol> <address1> <address2> 
 
# ipv6 access-list <access-list ID> {deny|permit} <protocol> <address1> <address2> <port desc> 
 
# ipv6 access-list <access-list ID> {deny|permit} <protocol> <address1> <address2> <port desc> <postacl>

Command

Description

starting rule number

Defines the starting rule number [1-2147483647].

step size

Defines the step size.

protocol

Can be any of the following:

■

tcp

■

udp

■

esp

■

gre

■

icmp

■

igmp

■

ipv6

■

[0-255] ipv6 protocol number

address1

Can be any of the following:

■

any - any host

■

host – single host

■

local

■

A:B:C::D/P - Defines the network IPv6 address and prefix.

address2

Can be any of the following:

■

any

■

host

■

local

■

A:B:C::D/P - Defines the network IPv6 address and prefix

■

range

port desc

Can be any of the following:

■

eq - Defines a single port

■

range - Defines a range of ports

■

dscp - Match by Differentiated Services Code Point value and mask

■

established - Accept connection

■

log - Log matches

■

stateless - Accept packet

port number

Defines the port number [1-65535].

extended IPv6 access-list number

Defines the extended IPv6 access-list number in number (100-9999) or word format.

postacl

■

dscp - Match by Differentiated Services Code Point value and mask

■

established - Accept connection

■

log - Log matches

■

stateless - Accept packet

Note

This command is applicable only to data-router functionality.

Command Mode

Privileged User

Example

This example adds an access list entry.

(config-data)# ipv6 access-list extended 100