ipv6 access-list tcp|udp
Use this command to define an IPv6 access control list (ACL) specification that determines whether to accept or drop an incoming IPv6 packet based on the criteria that you specify. This form of the command filters packets based on source and destination IPv6 address along with protocol (TCP or UDP) and port.
Use the no form of this command to remove an ACL specification.
Note: Configuring the same filter again with a different sequence number or a different action updates the sequence number or action of the existing filter.
Note: Range options such as neq, gt, lt and range are not supported by the hardware in the egress direction.
Command Syntax
(<1-268435453>|) (deny|permit) tcp (X:X::X:X/M|X:X::X:X X:X::X:X|any) ((eq|gt|lt|neq) <0-65535> |bgp|chargen|cmd|daytime|discard|domain|drip |echo|exec|finger|ftp |ftp-data|gopher|hostname|ident|irc|klogin|kshell |login|lpd|nntp|pim-auto-rp|pop2|pop3|smtp|ssh|sunrpc|tacacs|talk|telnet |time|uucp|whois|www) | (range <0-65535> <0-65535>|)|)(X:X::X:X/M|X:X::X:X X:X::X:X|any)((eq|gt|lt|neq) <0-65535>|bgp|chargen|cmd|daytime|discard|domain |drip|echo|exec|finger|ftp|ftp-data|gopher|hostname|ident|irc|klogin|kshell |login|lpd|nntp|pim-auto-rp|pop2|pop3|smtp|ssh|sunrpc|tacacs|talk| telnet|time |uucp|whois|www) | (range <0-65535> <0-65535>)|) (dscp (<0-63>| af11| af12| af13| af21| af22| af23| af31| af32| af33| af41| af42| af43| cs1| cs2| cs3| cs4| cs5| cs6| cs7| default| ef)) (vlan <1-4094>|)
(<1-268435453>|) (deny|permit) udp (X:X::X:X/M|X:X::X:X X:X::X:X|any) ((eq|gt|lt|neq) <0-65535>|biff|bootpc|bootps|discard|dnsix|domain |echo|isakmp|mobile-ip|nameserver|netbios-dgm|netbios-ns|netbios-ss|non500-isakmp|ntp|pim-auto-rp|rip|snmp|snmptrap|sunrpc|syslog|tacacs|talk |tftp|time|who|xdmcp) | (range <0-65535> <0-65535>)|)(X:X::X:X/M|X:X::X:X X:X::X:X|any) ((eq|gt|lt|neq) <0-65535>|biff|bootpc|bootps|discard|dnsix |domain|echo|isakmp|mobile-ip|nameserver|netbios-dgm|netbios-ns|netbios-ss|non500-isakmp|ntp|pim-auto-rp|rip|snmp|snmptrap|sunrpc|syslog|tacacs|talk |tftp|time|who|xdmcp) | (range <0-65535> <0-65535>)|) (dscp (<0-63>| af11| af12| af13| af21| af22| af23| af31| af32| af33| af41| af42| af43| cs1| cs2| cs3| cs4| cs5| cs6| cs7| default| ef) (vlan <1-4094>|)
no (<1-268435453>|) (deny|permit) tcp (X:X::X:X/M|X:X::X:X X:X::X:X|any) ((eq|gt|lt|neq) <0-65535> |bgp|chargen|cmd|daytime|discard|domain|drip |echo|exec|finger|ftp |ftp-data|gopher|hostname|ident|irc|klogin|kshell |login|lpd|nntp|pim-auto-rp|pop2|pop3|smtp|ssh|sunrpc|tacacs|talk|telnet |time|uucp|whois|www) | (range <0-65535> <0-65535>)|)(X:X::X:X/M|X:X::X:X X:X::X:X|any) ((eq|gt|lt|neq) <0-65535>|bgp|chargen|cmd|daytime|discard|domain| drip|echo|exec|finger|ftp |ftp-data|gopher|hostname|ident|irc|klogin |kshell|login|lpd|nntp|pim-auto-rp|pop2|pop3|smtp|ssh|sunrpc|tacacs|talk|telnet |time|uucp|whois|www) | (range <0-65535> <0-65535>)|) (dscp (<0-63>| af11| af12| af13| af21| af22| af23| af31| af32| af33| af41| af42| af43| cs1| cs2| cs3| cs4| cs5| cs6| cs7| default| ef) | (vlan <1-4094>|)
no (<1-268435453>|) (deny|permit) udp (X:X::X:X/M|X:X::X:X X:X::X:X|any) ((eq|gt|lt|neq) <0-65535>|biff|bootpc|bootps|discard|dnsix|domain|echo |isakmp|mobile-ip|nameserver|netbios-dgm|netbios-ns|netbios-ss|non500-isakmp|ntp|pim-auto-rp|rip|snmp|snmptrap|sunrpc|syslog|tacacs|talk|tftp|time |who|xdmcp) | (range <0-65535> <0-65535>)|)(X:X::X:X/M|X:X::X:X X:X::X:X|any) ((eq|gt|lt|neq) <0-65535>|biff|bootpc|bootps|discard|dnsix|domain|echo |isakmp|mobile-ip|nameserver|netbios-dgm|netbios-ns|netbios-ss|non500-isakmp|ntp|pim-auto-rp|rip|snmp|snmptrap|sunrpc|syslog|tacacs|talk|tftp|time |who|xdmcp) | (range <0-65535> <0-65535>)|) (dscp (<0-63>| af11| af12| af13| af21| af22| af23| af31| af32| af33| af41| af42| af43| cs1| cs2| cs3| cs4| cs5| cs6| cs7| default| ef) | (vlan <1-4094>|)
Parameters
<1-268435453>
IPv6 ACL sequence number.
deny
Drop the packet.
permit
Accept the packet.
tcp
Transmission Control Protocol.
udp
User Datagram Protocol.
X:X::X:X/M
Source or destination IPv6 prefix and length.
X:X::X:X X:X::X:X
Source or destination IPv6 address and mask.
any
Any source or destination IPv6 address.
eq
Source or destination port equal to.
gt
Source or destination port greater than.
lt
Source or destination port less than.
neq
Source or destination port not equal to.
<0-65535>
Source or destination port number.
range
Range of source or destination port numbers:
<0-65535>
Lowest value in the range.
<0-65535>
Highest value in the range.
ftp
File Transfer Protocol (21).
ssh
Secure Shell (22).
telnet
Telnet (23).
www
World Wide Web (HTTP 80).
tftp
Trivial File Transfer Protocol (69).
bootp
Bootstrap Protocol (BOOTP) client (67).
bgp
Border Gateway Protocol.
chargen
Character generator.
cmd
Remote commands.
daytime
Daytime.
discard
Discard.
domain
Domain Name Service.
drip
Dynamic Routing Information Protocol.
echo
Echo.
exec
EXEC.
finger
Finger.
ftp
File Transfer Protocol.
ftp-data
FTP data connections.
gopher
Gopher.
hostname
NIC hostname server.
ident
Ident Protocol.
irc
Internet Relay Chat.
klogin
Kerberos login.
kshell
Kerberos shell.
login
Login.
lpd
Printer service.
nntp
Network News Transport Protocol.
pim-auto-rp
PIM Auto-RP.
pop2
Post Office Protocol v2.
pop3
Post Office Protocol v3.
smtp
Simple Mail Transport Protocol.
ssh
Secure Shell.
sunrpc
Sun Remote Procedure Call.
tacacs
TAC Access Control System.
talk
Talk.
telnet
Telnet.
time
Time.
uucp
UNIX-to-UNIX Copy Program.
whois
WHOIS/NICNAME.
www
World Wide Web.
nntp
Network News Transport Protocol.
dscp
Match packets with the given DSCP value.
<0-63>
DSCP value.
af11
AF11 DSCP (001010) decimal value 10.
af12
AF12 DSCP (001100) decimal value 12.
af13
AF13 DSCP (001110) decimal value 14.
af21
AF21 DSCP (010010) decimal value 18.
af22
AF22 DSCP (010100) decimal value 20.
af23
AF23 DSCP (010110) decimal value 22.
af31
AF31 DSCP (011010) decimal value 26.
af32
AF32 DSCP (011100) decimal value 28.
af33
AF33 DSCP (011110) decimal value 30.
af41
AF41 DSCP (100010) decimal value 34.
af42
AF42 DSCP (100100) decimal value 36.
af43
AF43 DSCP (100110) decimal value 38.
cs1
CS1 (precedence 1) DSCP (001000) decimal value 8.
cs2
CS2 (precedence 2) DSCP (010000) decimal value 16.
cs3
CS3 (precedence 3) DSCP (011000) decimal value 24.
cs4
CS4 (precedence 4) DSCP (100000) decimal value 32.
cs5
CS5 (precedence 5) DSCP (101000) decimal value 40.
cs6
CS6 (precedence 6) DSCP (110000) decimal value 48.
cs7
CS7 (precedence 7) DSCP (111000) decimal value 56.
default
Default DSCP (000000) decimal value 0.
ef
EF DSCP (101110) decimal value 46.
biff
Biff.
bootpc
Bootstrap Protocol (BOOTP) client.
bootps
Bootstrap Protocol (BOOTP) server.
discard
Discard.
dnsix
DNSIX security protocol auditing.
domain
Domain Name Service.
echo
Echo.
isakmp
Internet Security Association and Key Management Protocol.
mobile-ip
Mobile IP registration.
nameserver
IEN116 name service.
netbios-dgm
NetBIOS datagram service.
netbios-ns
NetBIOS name service.
netbios-ss
NetBIOS session service.
non500-isakmp
Non500-Internet Security Association and Key Management Protocol.
ntp
Network Time Protocol.
pim-auto-rp
PIM Auto-RP.
rip
Routing Information Protocol.
snmp
Simple Network Management Protocol.
snmptrap
SNMP Traps.
sunrpc
Sun Remote Procedure Call.
syslog
System Logger.
tacacs
TAC Access Control System.
talk
Talk.
tftp
Trivial File Transfer Protocol.
time
Time.
who
Who service.
xdmcp
X Display Manager Control Protocol.
vlan
Match packets with the given VLAN value.
<1-4094>
VLAN identifier.
Default
No default value is specified.
Command Mode
IPv6 access-list mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#configure terminal
(config)#ipv6 access-list mylist
(config-ipv6-acl)#deny udp any eq tftp any
(config-ipv6-acl)#deny tcp fd22:bf66:78a4:10a2::/64 fdf2:860a:746a:e49c::/64 eq ssh
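The two notes at the top of this page can be checked before an ACL is applied. The following Python sketch is an added example, not part of OcNOS or its documentation: it flags rules that use neq, gt, lt or range (not supported by the hardware in the egress direction) and later lines that repeat an earlier filter and would therefore update it instead of adding a new entry. It assumes that "same filter" means identical protocol, addresses and port criteria; the function names and the sample ACL are constructed for illustration.

```python
import re

# Port operators that, per the note on this page, egress hardware does not support.
EGRESS_UNSUPPORTED = {"neq", "gt", "lt", "range"}
# [sequence] (deny|permit) (tcp|udp) <match criteria>
RULE_RE = re.compile(r"^(?:(\d+)\s+)?(deny|permit)\s+((?:tcp|udp)\s+.+)$")

def parse_rules(acl_text):
    """Yield (line_no, seq, action, match) for each tcp/udp rule line."""
    for line_no, raw in enumerate(acl_text.splitlines(), 1):
        rule = raw.split("#", 1)[-1].strip()  # drop a CLI prompt if present
        m = RULE_RE.match(rule)
        if m:
            seq = int(m.group(1)) if m.group(1) else None
            yield line_no, seq, m.group(2), " ".join(m.group(3).split())

def egress_problems(acl_text):
    """Return (line_no, operators) for rules unsafe to bind in the egress direction."""
    out = []
    for line_no, _seq, _action, match in parse_rules(acl_text):
        used = sorted(EGRESS_UNSUPPORTED.intersection(match.split()))
        if used:
            out.append((line_no, used))
    return out

def overwritten_filters(acl_text):
    """Return (first_line, later_line) pairs where a filter is repeated.

    Assumption: a repeated filter is one with identical match criteria; per the
    note, the later line updates the existing entry's sequence number or action.
    """
    first_seen, out = {}, []
    for line_no, _seq, _action, match in parse_rules(acl_text):
        if match in first_seen:
            out.append((first_seen[match], line_no))
        else:
            first_seen[match] = line_no
    return out

# Constructed sample ACL (not from the page), written in the page's syntax.
SAMPLE_ACL = """\
(config-ipv6-acl)#10 permit tcp fd22:bf66:78a4:10a2::/64 any eq ssh
(config-ipv6-acl)#20 deny tcp any any eq telnet
(config-ipv6-acl)#30 deny udp any any range 67 69
(config-ipv6-acl)#40 permit tcp any any gt 1023
(config-ipv6-acl)#50 deny tcp any any eq telnet
"""

if __name__ == "__main__":
    print("egress-unsafe rules:", egress_problems(SAMPLE_ACL))
    print("in-place updates:", overwritten_filters(SAMPLE_ACL))
```

A rule flagged by egress_problems has to be rewritten with eq matches before the list is used in the egress direction; a pair reported by overwritten_filters means the second line does not create an additional entry.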