5000 Series Layer 2/3 Managed Data Center Switch CLI Reference Guide
host ipv6 dstip
Specifying host destination-ipv6-address implies matching the specified
IPv6 address.
eq 0-65535 | portkey
Specifies the layer 4 port match condition for the IPv6 ACL rule. A port
number can be used, in the range 0-65535, or the portkey, which can
be one of the following keywords:
• For TCP: bgp | domain | echo | ftp | ftpdata | http | pop2 | pop3 | smtp | telnet | www.
flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack] [+urg | -urg] [established]
Specifies that the IPv6 ACL rule matches on the TCP flags. When
+<tcpflagname> is specified, a match occurs if the specified tcpflagname
flag is set in the TCP header. When -<tcpflagname> is specified, a
match occurs if the specified tcpflagname flag is not set in the TCP header.
When established is specified, a match occurs if either the RST or
ACK bit is set in the TCP header. Two rules are installed in hardware
when the established option is specified. This option is visible only if
the protocol is TCP.
dscp
Match DSCP value.
flow-label
Match flow label field.
fragments
Match on non-initial fragmented packets.
icmp-message
Specify icmp-msg string.
icmp-type
Match icmp-type value.
routing
Match on presence of routing extension header.
Note: An implicit deny all IP rule always terminates the access list.
The time-range parameter allows imposing a time limitation on the IP ACL rule as defined by the specified
time range. If a time range with the specified name does not exist and the ACL containing this ACL rule is
applied to an interface or bound to a VLAN, then the ACL rule is applied immediately. If a time range with
the specified name exists and the ACL containing this ACL rule is applied to an interface or bound to a VLAN,
then the ACL rule is applied when the time range with the specified name becomes active. The ACL rule is
removed when the time range with the specified name becomes inactive. For information about configuring
time ranges, see “Time Range Commands for Time-Based ACLs”.
The assign-queue parameter allows specification of a particular hardware queue for handling traffic that
matches this rule. The allowed queue-id value is 0-(n-1), where n is the number of user configurable
queues available for the hardware platform. The assign-queue parameter is valid only for a permit rule.
The permit command's optional attribute rate-limit allows you to permit only the allowed rate of traffic as
per the configured rate in kbps, and burst-size in kbytes.
Default
The default is None.
Command Mode
IPv6-Access-List Config
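Example (added here, not part of the original guide or the switch firmware): a small Python model of the flag and established match semantics described above, showing why established expands to two rules and which TCP packets it admits. Function names are hypothetical, and combining several +/- flags with a logical AND is an assumption.

```python
# Added example: models the flag / established match described in this entry.
# Names are hypothetical; ANDing several +/- flags together is an assumption.
FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
             "psh": 0x08, "ack": 0x10, "urg": 0x20}  # TCP header flag bits


def parse_flag_spec(spec):
    """Turn e.g. '+syn -ack' into (must_set, must_clear) bit masks."""
    must_set = must_clear = 0
    for token in spec.split():
        sign, name = token[0], token[1:].lower()
        if sign not in "+-" or name not in FLAG_BITS:
            raise ValueError(f"bad flag token: {token!r}")
        if sign == "+":
            must_set |= FLAG_BITS[name]
        else:
            must_clear |= FLAG_BITS[name]
    if must_set & must_clear:
        raise ValueError("same flag given as both + and -")
    return must_set, must_clear


def expand_rule(spec):
    """'established' is RST-or-ACK, so it needs two entries; others need one."""
    if spec.strip().lower() == "established":
        return [parse_flag_spec("+rst"), parse_flag_spec("+ack")]
    return [parse_flag_spec(spec)]


def rule_matches(spec, tcp_flags):
    """True if a TCP flag byte satisfies the rule (per packet, no state kept)."""
    return any((tcp_flags & s) == s and (tcp_flags & c) == 0
               for s, c in expand_rule(spec))


# Constructed sample packets: (description, TCP flag byte).
SAMPLES = [("initial SYN", 0x02), ("SYN+ACK reply", 0x12),
           ("data segment PSH+ACK", 0x18), ("RST", 0x04)]

if __name__ == "__main__":
    for desc, flags in SAMPLES:
        print(f"{desc:22} established={rule_matches('established', flags)} "
              f"'+syn -ack'={rule_matches('+syn -ack', flags)}")
```

The match is evaluated on each packet's header bits alone, so a permit rule with established admits any segment carrying ACK or RST; the implicit deny all at the end of the list still drops connection-opening SYN segments unless another rule permits them.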
12-77 ip access-group