Cisco Cisco Packet Data Gateway (PDG) トラブルシューティングガイド
IPv6 ACL Configuration Mode Commands
▀ redirect nexthop (by source ICMP packets)
▄ Cisco ASR 5000 Series Command Line Interface Reference
OL-22947-02
The IP address of the destination host to filter against expressed in IPv6 colon notation.
The IP address(es) to which the packet is to be sent.
This option is used to filter all packets to a specific IP address or a group of IP addresses.
When specifying a group of addresses, the initial address is configured using this parameter. The range can
then be configured using the
This option is used to filter all packets to a specific IP address or a group of IP addresses.
When specifying a group of addresses, the initial address is configured using this parameter. The range can
then be configured using the
parameter.
This option is used in conjunction with the
option to specify a group of addresses for which
packets are to be filtered.
The mask must be entered as a complement:
The mask must be entered as a complement:
Zero-bits in this parameter mean that the corresponding bits configured for the
parameter must be identical.
One-bits in this parameter mean that the corresponding bits configured for the
parameter must be ignored.
Important:
The mask must contain a contiguous set of one-bits from the least significant bit (LSB). Therefore,
allowed masks are 0, 1, 3, 7, 15, 31, 63, 127, and 255. For example, acceptable wildcards are 0.0.0.3, 0.0.0.255, and
0.0.15.255. A wildcard of 0.0.7.15 is not acceptable since the one-bits are not contiguous.
0.0.15.255. A wildcard of 0.0.7.15 is not acceptable since the one-bits are not contiguous.
Specifies that all ICMP packets of a particular type are to be filtered. The type can be any integer value
between 0 and 255.
between 0 and 255.
Specifies that all ICMP packets of a particular code are to be filtered. The type can be any integer value
between 0 and 255.
between 0 and 255.
Usage
Define a rule to block ICMP packets which can be used for address resolution and possible be a security risk.
The IP redirecting allows flexible controls for pairs of individual hosts or groups by IP masking which allows
the redirecting of entire subnets if necessary.
The IP redirecting allows flexible controls for pairs of individual hosts or groups by IP masking which allows
the redirecting of entire subnets if necessary.
Important:
The maximum number of rules that can be configured per ACL varies depending on how the ACL is
to be used. For more information, refer to the Engineering Rules appendix in the System Administration Guide. Also
note that ―redirect‖ rules are ignored for ACLs applied to specific subscribers or all subscribers facilitated by a specific
context.
note that ―redirect‖ rules are ignored for ACLs applied to specific subscribers or all subscribers facilitated by a specific
context.
Example
The following command defines a rule that redirects packets to the next hop host at
The following command defines a rule that redirects packets to the next hop host at
, the context with
the context ID of
, and ICMP packets coming from the host with the IP address
: