DGS-6604
m
permit | deny (ipv6 access list)
CLI Reference Guide
477
Default
None
Command Mode
IPv6 access-list extended configuration
Usage Guideline
The time range profile needs to be created before it can be specified in the
statement. Otherwise an error message will be displayed.
All the configurable arguments (time-range and priority are excluded) can be
used to differentiate one from another. These arguments are called differentiated
arguments. To remove an entry, in the no form of this command, specify the entry
with the same value of all differentiating arguments specified prior (includes all
optional parameters but the time-range and priority are excluded).
Tto update the time-range or priority, specify the entry with the same value of all
differentiating arguments, which are configured, and the update value for time-
range or priority.
The priority value must be unique in the domain of an access-list. If a priority
value entered is already present, an error message will be shown.
Example
This example shows create three entries for an ipv6 extended access-list, named
"ipv6-control". The three entries are: permit tcp packets destined to network
ff02::0:2/16, permit tcp packets destined to host ff02::1:2 and permit all icmp
packets.
Verify the settings by entering the
show access-list
command.
PROFILE-NAME
Used with the no form of the commands, this option, time-range (without
PROFILE-NAME), means to remove the setting of an active timer-period,
rather than remove the whole entry.
PRIORITY
The range is 1 to 65535. The lower the number represents a better priority. It
is used as the rule sequence number.
Syntax Description
Switch(config)# ipv6 access-list extended ipv6-control
Switch(config-ipv6-ext-acl)#permit tcp any ff02::0:2 ffff::
Switch(config-ipv6-ext-acl)#permit tcp any host ff02::1:2
Switch(config-ipv6-ext-acl)#permit icmpv6 any any
Switch(config-ipv6-ext-acl)# exit