ipv6 access-list icmpv6
Use this command to permit or deny IPv6 ICMP packets with the given source and destination IPv6 address, DSCP value, VLAN identifier, inner VLAN identifier, fragments, and flow label.
Use the no form of this command to remove an ACL specification.
Note: Configuring same filter again with change of sequence number or change of action will result in update of sequence number or filter action.
Command Syntax
(<1-268435453>|)(deny|permit) (icmpv6) (X:X::X:X/M|X:X::X:X X:X::X:X|any) (X:X::X:X/ M|X:X::X:X X:X::X:X|any) (beyond-scope| destination-unreachable| echo-reply| echo-request| header| hop-limit| mld-query| mld-reduction| mld-report| nd-na| nd-ns| next-header| no-admin| no-route| packet-too-big| parameter-option| parameter-problem| port-unreachable| reassembly-timeout| redirect| renum-command| renum-result| renum-seq-number| router-advertisement| router-renumbering| router-solicitation| time-exceeded| unreachable | (<0-255> (<0-255>|)|)) (dscp (<0-63>|af11| af12| af13| af21| af22| af23| af31|af32| af33| af41| af42| af43| cs1| cs2| cs3| cs4| cs5|cs6| cs7| default| ef)|) (flow-label <0-1048575>|) (fragments|)(vlan <1-4094>|)(inner-vlan <1-4094>|) (log|) (sample|)((redirect-to-port IFNAME)|)
no (<1-268435453>|)(deny|permit) (icmpv6) (X:X::X:X/M|X:X::X:X X:X::X:X|any) (X:X::X:X/M|X:X::X:X X:X::X:X|any) (beyond-scope| destination-unreachable| echo-reply| echo-request| header| hop-limit| mld-query| mld-reduction| mld-report| nd-na| nd-ns| next-header| no-admin| no-route| packet-too-big| parameter-option| parameter-problem| port-unreachable| reassembly-timeout| redirect| renum-command| renum-result| renum-seq-number| router-advertisement| router-renumbering| router-solicitation| time-exceeded| unreachable | (<0-255> (<0-255>|)|)) (dscp (<0-63>|af11| af12| af13| af21| af22| af23| af31|af32| af33| af41| af42| af43| cs1| cs2| cs3| cs4| cs5|cs6| cs7| default| ef )|) (flow-label <0-1048575>|) (fragments|)(vlan <1-4094>|)(inner-vlan <1-4094>|)(log|) (sample|)((redirect-to-port IFNAME)|)
Parameters
<1-268435453>
IPv6 ACL sequence number.
deny
Drop the packet.
permit
Accept the packet.
icmpv6
Internet Control Message Protocol packet.
X:X::X:X/M
Source Address with network mask length.
X:X::X:X X:X::X:X
Source Address with wild card mask.
any
Any source address.
X:X::X:X/M
Destination address with network mask length.
X:X::X:X X:X::X:X
Destination address with wild card mask.
any
Any destination address
beyond-scope
Destination beyond scope
destination-unreachable
Destination address is unreachable
echo-reply
Echo reply
echo-request
Echo request (ping)
header
Parameter header problems
hop-limit
Hop limit exceeded in transit
mld-query
Multicast Listener Discovery Query
mld-reduction
Multicast Listener Discovery Reduction
mld-report
Multicast Listener Discovery Report
nd-na
Neighbor discovery neighbor advertisements
nd-ns
Neighbor discovery neighbor solicitations
next-header
Parameter next header problems
no-admin
Administration prohibited destination
no-route
No route to destination
packet-too-big
Packet too big
parameter-option
Parameter option problems
parameter-problem
All parameter problems
port-unreachable
Port unreachable
reassembly-timeout
Reassembly timeout
redirect
Neighbor redirect
renum-command
Router renumbering command
renum-result
Router renumbering result
renum-seq-number
Router renumbering sequence number reset
router-advertisement
Neighbor discovery router advertisements
router-renumbering
All router renumbering
router-solicitation
Neighbor discovery router solicitations
time-exceeded
All time exceeded messages
unreachable
All unreachable
<0-255>
ICMPv6 message type
<0-255>
ICMPv6 message code
dscp
Match packets with given DSCP value.
<0-63>
Enter DSCP value between 0-63.
af11
AF11 DSCP (001010) decimal value 10.
af12
AF12 DSCP (001100) decimal value 12.
af13
AF13 DSCP (001110) decimal value 14.
af21
AF21 DSCP (010010) decimal value 18.
af22
AF22 DSCP (010100) decimal value 20.
af23
AF23 DSCP (010110) decimal value 22.
af31
AF31 DSCP (011010) decimal value 26.
af32
AF32 DSCP (011100) decimal value 28.
af33
AF33 DSCP (011110) decimal value 30.
af41
AF41 DSCP (100010) decimal value 34
af42
AF42 DSCP (100100) decimal value 36.
af43
AF43 DSCP (100110) decimal value 38.
cs1
CS1 (precedence 1) DSCP (001000) decimal value 8.
cs2
CS2 (precedence 2) DSCP (010000) decimal value 16.
cs3
CS3 (precedence 3) DSCP (011000) decimal value 24.
cs4
CS4 (precedence 4) DSCP (100000) decimal value 32.
cs5
CS5 (precedence 5) DSCP (101000) decimal value 40.
cs6
CS6 (precedence 6) DSCP (110000) decimal value 48.
cs7
CS7 (precedence 7) DSCP (111000) decimal value 56.
default
Default DSCP (000000) decimal value 0.
ef
EF DSCP (101110) decimal value 46.
flow-label
IPv6 Flow-label.
<0-1048575>
IPv6 Flow-label value.
fragments
Check non-initial fragments.
vlan
Match packets with given VLAN identifier.
<1-4094>
Enter VLAN identifier.
inner-vlan
Match packets with given inner VLAN identifier.
<1-4094>
Enter inner-VLAN identifier.
log
Log the packets matching the filter (in-direction only).
sample
Sample the packets matching the filter (in-direction only).
redirect-to-port
Redirect the packet (in-direction only)
IFNAME
Interface name to which packet to be redirected
Command Mode
IPv6 access-list mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#configure terminal
(config)#ipv6 access-list mylist
(config-ipv6-acl)#200 permit icmpv6 any any fragments