Cisco Cisco ASR 5000
IPv6 ACL Configuration Mode Commands
deny/permit (by IP packets) ▀
Command Line Interface Reference, StarOS Release 18 ▄
6721
dest_address
The IP address(es) to which the packet is to be sent.
This option is used to filter all packets to a specific IP address or a group of IP addresses.
When specifying a group of addresses, the initial address is configured using this parameter. The range can
then be configured using the
This option is used to filter all packets to a specific IP address or a group of IP addresses.
When specifying a group of addresses, the initial address is configured using this parameter. The range can
then be configured using the
dest_wildcard
parameter.
dest_wildcard
This option is used in conjunction with the
dest_address
option to specify a group of addresses for which
packets are to be filtered.
The mask must be entered as a complement:
The mask must be entered as a complement:
Zero-bits in this parameter mean that the corresponding bits configured for the
dest_address
parameter must be identical.
One-bits in this parameter mean that the corresponding bits configured for the
dest_address
parameter must be ignored.
Important:
The mask must contain a contiguous set of one-bits from the least significant bit (LSB).
fragment
Indicates packet filtering is to be applied to IP packet fragments only.
protocol num
Indicates that the packet filtering is to be applied to a specific protocol number.
num
can be any integer ranging from 0 to 255.
Usage
Block IP packets when the source and destination are of interest.
Important:
The maximum number of rules that can be configured per ACL varies depending on how the ACL is
to be used. For more information, refer to the Engineering Rules appendix in the System Administration Guide.
Example
The following command defines two rules with the second logging filtered packets:
permit ip host 2001:4A2B::1f3F any fragment
deny log ip 2001:4A2B::1f3F 2001:4a2b::1f00 host fe80::a02:410
The following sets the insertion point to before the first rule defined above:
before permit ip host 2001:4A2B::1f3F any fragment
The following command sets the insertion point after the second rule defined above:
after deny log ip 2001:4A2B::1f3F 2001:4a2b::1f00 host fe80::a02:410
The following deletes the first rule defined above:
no permit ip host 2001:4A2B::1f3F any fragment