ipv6 access-list sctp
Use this command to allow ACL to permit or deny SCTP packets based on the given source and destination IPV6 address. Even DSCP and vlan ID can be configured to permit or deny with the given values.
Use the no form of this command to remove an ACL specification.
Note: Configuring same filter again with change of sequence number or change of action will result in update of sequence number or filter action.
Note: Range options like neq, gt, lt and range are not supported by hardware in egress direction.
Command Syntax
(<1-268435453>|) (deny|permit) (sctp) (X:X::X:X/M|X:X::X:X X:X::X:X|any) (X:X::X:X/ M|X:X::X:X X:X::X:X|any) {(eq|gt|lt|neq) (<0-65535>) | (range <0-65535> <0-65535>)| } (dscp (<0-63>| af11| af12| af13| af21| af22| af23| af31| af32| af33| af41| af42| af43| cs1| cs2| cs3| cs4| cs5| cs6| cs7| default| ef)|) (vlan <1-4094>|)
no (<1-268435453>|) (deny|permit) (sctp) (X:X::X:X/M|X:X::X:X X:X::X:X|any) (X:X::X:X/M|X:X::X:X X:X::X:X|any) {(eq|gt|lt|neq) (<0-65535>) | (range <0-65535> <0-65535>)| } (dscp (<0-63>| af11| af12| af13| af21| af22| af23| af31| af32| af33| af41| af42| af43| cs1| cs2| cs3| cs4| cs5| cs6| cs7| default| ef)|) (vlan <1-4094>|)
Parameters
<1-268435453>
IPv6 ACL sequence number.
deny
Drop the packet.
permit
Accept the packet.
sctp
Stream Control Transmission Protocol packet.
X:X::X:X/M
Source address with network mask length.
X:X::X:X
Source address with wild card mask.
X:X::X:X
Source address's wild card mask (ignored bits).
any
Any source address.
X:X::X:X/M
Destination address with network mask length.
X:X::X:X
Destination address with wild card mask.
X:X::X:X
Destination address's wild card mask (ignored bits).
any
Any destination address.
eq
Source or destination port equal to.
gt
Source or destination port greater than.
lt
Source or destination port less than.
neq
Source or destination port not equal to.
<0-65535>
Source or destination port number.
range
Range of source or destination port numbers:
<0-65535>
Lowest value in the range.
<0-65535>
Highest value in the range.
dscp
Match packets with given DSCP value.
<0-63>
DSCP value.
af11
AF11 DSCP (001010) decimal value 10.
af12
AF12 DSCP (001100) decimal value 12.
af13
AF13 DSCP (001110) decimal value 14.
af21
AF21 DSCP (010010) decimal value 18.
af22
AF22 DSCP (010100) decimal value 20.
af23
AF23 DSCP (010110) decimal value 22.
af31
AF31 DSCP (011010) decimal value 26.
af32
AF32 DSCP (011100) decimal value 28.
af33
AF33 DSCP (011110) decimal value 30.
af41
AF41 DSCP (100010) decimal value 34
af42
AF42 DSCP (100100) decimal value 36.
af43
AF43 DSCP (100110) decimal value 38.
cs1
CS1 (precedence 1) DSCP (001000) decimal value 8.
cs2
CS2 (precedence 2) DSCP (010000) decimal value 16.
cs3
CS3 (precedence 3) DSCP (011000) decimal value 24.
cs4
CS4 (precedence 4) DSCP (100000) decimal value 32.
cs5
CS5 (precedence 5) DSCP (101000) decimal value 40.
cs6
CS6 (precedence 6) DSCP (110000) decimal value 48.
cs7
CS7 (precedence 7) DSCP (111000) decimal value 56.
default
Default DSCP (000000) decimal value 0.
ef
EF DSCP (101110) decimal value 46.
vlan
Match packets with given vlan value.
<1-4094>
VLAN identifier.
Default
No default value is specified
Command Mode
IPv6 access-list mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#configure terminal
(config)#ipv6 access-list mylist
(config-ipv6-acl)#200 permit sctp any any
Last modified date: 10/19/2023