Cisco Cisco ASR 5000
IPv6 ACL Configuration Mode Commands
deny/permit (by TCP/UDP packets) ▀
Command Line Interface Reference, StarOS Release 18 ▄
6723
before
Indicates all rules defined subsequent to this command are to be inserted before the command identified by
the exact options listed.
This moves the insertion point to be immediately before the rule which matches the exact options specified
such that new rules will be added, in order, before the matching rule.
the exact options listed.
This moves the insertion point to be immediately before the rule which matches the exact options specified
such that new rules will be added, in order, before the matching rule.
Important:
If the options specified do not exactly match an existing rule, the insertion point does not change.
no
Removes the rule which exactly matches the options specified.
deny | permit
Specifies the rule is either block (deny) or an allow (permit) filter.
deny
: Indicates the rule, when matched, drops the corresponding packets.
permit
: Indicates the rule, when matched, allows the corresponding packets.
log
Default: packets are not logged.
Indicates all packets which match the filter are to be logged.
Indicates all packets which match the filter are to be logged.
tcp | udp
Specifies the filter is to be applied to IP-based transmission control protocol or the user datagram protocol.
tcp
: Filter applies to TPC packets.
udp
: Filter applies to UDP packets.
source_address
The IP address(es) form which the packet originated.
This option is used to filter all packets from a specific IP address or a group of IP addresses.
When specifying a group of addresses, the initial address is configured using this option. The range can then
be configured using the
This option is used to filter all packets from a specific IP address or a group of IP addresses.
When specifying a group of addresses, the initial address is configured using this option. The range can then
be configured using the
source_wildcard
parameter.
source_wildcard
This option is used in conjunction with the
source_address
option to specify a group of addresses for
which packets are to be filtered.
The mask must be entered as a complement:
The mask must be entered as a complement:
Zero-bits in this parameter mean that the corresponding bits configured for the
source_address
parameter must be identical.
One-bits in this parameter mean that the corresponding bits configured for the
source_address
parameter must be ignored.
Important:
The mask must contain a contiguous set of one-bits from the least significant bit (LSB).
any
Specifies that the rule applies to all packets.