Cisco Cisco Packet Data Gateway (PDG) Leaflet
IPv6 ACL Configuration Mode Commands
▀ deny/permit (by host IP address)
▄ Cisco ASR 5x00 Command Line Interface Reference
6334
deny | permit
Specifies the rule is either block (deny) or an allow (permit) filter.
deny
: Indicates the rule, when matched, drops the corresponding packets.
permit
: Indicates the rule, when matched, allows the corresponding packets.
log
Default: packets are not logged.
Indicates all packets which match the filter are to be logged.
Indicates all packets which match the filter are to be logged.
source_host_address
The IP address of the source host to filter against expressed in IPv6 colon notation.
Usage
Define a rule when a very specific remote host is to be blocked. In simplified networks where the access
controls need only block a few hosts, this command allows the rules to be very clear and concise.
controls need only block a few hosts, this command allows the rules to be very clear and concise.
Important:
The maximum number of rules that can be configured per ACL varies depending on how the ACL is
to be used. For more information, refer to the Engineering Rules appendix in the System Administration Guide.
Example
The following command defines two rules with the second logging filtered packets:
permit host 2001:4A2B::1f3F
deny log host 2001:4A2B::1f3F
The following sets the insertion point to before the first rule defined above:
before permit host 2001:4A2B::1f3F
The following command sets the insertion point after the second rule defined above:
after deny log host 2001:4A2B::1f3F
The following deletes the first rule defined above:
no permit host 2001:4A2B::1f3F