Cisco Systems 3560 User Manual

39-6
Catalyst 3560 Switch Software Configuration Guide
OL-8553-06
Chapter 39 Configuring IPv6 ACLs
Configuring IPv6 ACLs
Step 3b
Command: deny | permit tcp {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [operator [port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address} [operator [port-number]] [ack] [dscp value] [established] [fin] [log] [log-input] [neq {port | protocol}] [psh] [range {port | protocol}] [rst] [sequence value] [syn] [time-range name] [urg]
Purpose: (Optional) Define a TCP access list and the access conditions.
Enter tcp for Transmission Control Protocol. The parameters are the same as those described in Step 3a, with these additional optional parameters:
  • ack—Acknowledgment bit set.
  • established—An established connection. A match occurs if the TCP datagram has the ACK or RST bits set.
  • fin—Finished bit set; no more data from sender.
  • neq {port | protocol}—Matches only packets that are not on a given port number.
  • psh—Push function bit set.
  • range {port | protocol}—Matches only packets in the port number range.
  • rst—Reset bit set.
  • syn—Synchronize bit set.
  • urg—Urgent pointer bit set.
Step 3c
Command: deny | permit udp {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [operator [port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address} [operator [port-number]] [dscp value] [log] [log-input] [neq {port | protocol}] [range {port | protocol}] [sequence value] [time-range name]
Purpose: (Optional) Define a UDP access list and the access conditions.
Enter udp for the User Datagram Protocol. The UDP parameters are the same as those described for TCP, except that the [operator [port]] port number or name must be a UDP port number or name, and the established parameter is not valid for UDP.
Step 3d
Command: deny | permit icmp {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [operator [port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address} [operator [port-number]] [icmp-type [icmp-code] | icmp-message] [dscp value] [log] [log-input] [sequence value] [time-range name]
Purpose: (Optional) Define an ICMP access list and the access conditions.
Enter icmp for Internet Control Message Protocol. The ICMP parameters are the same as those described for most IP protocols in Step 3a, with the addition of the ICMP message type and code parameters. These optional keywords have these meanings:
  • icmp-type—Enter to filter by ICMP message type, a number from 0 to 255.
  • icmp-code—Enter to filter ICMP packets that are filtered by the ICMP message code type, a number from 0 to 255.
  • icmp-message—Enter to filter ICMP packets by the ICMP message type name or the ICMP message type and code name. To see a list of ICMP message type names and code names, use the ? key or see the command reference for this release.
Step 4
Command: end
Purpose: Return to privileged EXEC mode.

Step 5
Command: show ipv6 access-list
Purpose: Verify the access list configuration.

Step 6
Command: copy running-config startup-config
Purpose: (Optional) Save your entries in the configuration file.
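A worked configuration that uses the TCP, UDP and ICMP forms from Steps 3b to 3d and then runs Steps 4 to 6. This is an added example, not part of the Cisco guide. The list name EDGE-IN, the 2001:DB8 documentation addresses, the ports and the sequence values are assumptions, and the configure terminal and ipv6 access-list lines belong to the earlier steps that this page does not show.

```cisco
! Constructed example: EDGE-IN, all addresses, ports and sequence
! values are assumptions chosen for illustration.
configure terminal
ipv6 access-list EDGE-IN
 ! Step 3b: TCP segments with ACK or RST set toward the server subnet
 ! (return traffic of sessions the servers opened).
 permit tcp any 2001:DB8:0:10::/64 established sequence 10
 ! Step 3b: new inbound connections only to the HTTPS server.
 permit tcp any host 2001:DB8:0:10::80 eq 443 sequence 20
 ! Step 3c: DNS queries to the resolver; established is not valid here.
 permit udp any host 2001:DB8:0:10::53 eq 53 sequence 30
 ! Step 3d: filter by icmp-message name (echo request).
 permit icmp any any echo-request sequence 40
 ! Step 3d: filter by numeric icmp-type (2 = Packet Too Big), which
 ! path MTU discovery depends on.
 permit icmp any any 2 sequence 50
 ! Step 4: return to privileged EXEC mode.
 end
! Step 5: confirm the entries and their sequence order.
show ipv6 access-list
! Step 6: save the configuration.
copy running-config startup-config
```

Entry 10 matches on the ACK or RST bit alone, as the established description states, so it is a per-packet flag check and not connection tracking.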