Cisco Cisco Tunnel Terminating Gateway (TTG) Fascicule
IPv6 ACL Configuration Mode Commands
redirect css service (by ICMP packets) ▀
Cisco ASR 5x00 Command Line Interface Reference ▄
6377
dest_host_address
The IP address of the destination host to filter against expressed in IPv6 colon-separated-hexadecimal
notation.
notation.
dest_address
The IP address(es) to which the packet is to be sent.
This option is used to filter all packets to a specific IP address or a group of IP addresses.
When specifying a group of addresses, the initial address is configured using this parameter. The range can
then be configured using the
This option is used to filter all packets to a specific IP address or a group of IP addresses.
When specifying a group of addresses, the initial address is configured using this parameter. The range can
then be configured using the
dest_wildcard
parameter.
dest_wildcard
This option is used in conjunction with the
dest_address
option to specify a group of addresses for which
packets are to be filtered.
The mask must be entered as a complement:
The mask must be entered as a complement:
Zero-bits in this parameter mean that the corresponding bits configured for the
dest_address
parameter must be identical.
One-bits in this parameter mean that the corresponding bits configured for the
dest_address
parameter must be ignored.
Important:
The mask must contain a contiguous set of one-bits from the least significant bit (LSB).
icmp_type
Specifies that all ICMP packets of a particular type are to be filtered. The type can be an integer value from 0
through 255.
through 255.
icmp_code
Specifies that all ICMP packets of a particular code are to be filtered. The type is an integer from 0 through
255.
255.
Usage
Define a rule definition to block ICMP packets which can be used for address resolution and possibly be a
security risk.
The IP redirecting allows flexible controls for pairs of individual hosts or groups by IP masking which allows
the redirecting of entire subnets if necessary.
security risk.
The IP redirecting allows flexible controls for pairs of individual hosts or groups by IP masking which allows
the redirecting of entire subnets if necessary.
Important:
A maximum of 16 rule definitions can be configured per ACL. Also note that “redirect” rule
definitions are ignored for ACLs applied to specific subscribers or all subscribers facilitated by a specific context.
Example
The following command defines a rule definition that redirects packets to the CSS service named
css-svc1
,
and ICMP packets coming from the host with the IP address
2002::c6a2:6419
:
redirect css service css-svc1 icmp host 2002::c6a2:6419
The following sets the insertion point to before the first rule definition above: