Software

Networking Storage Software

Networking Storage Software

Celestica Documentation Portal

Find your product documents here

Software

Software Contents

SONiC

CLI Reference Guide

Revision 1.1

Access Control Lists

IPv6 ACL Commands

IPv6 Access-list rules create and delete

IPv6 Access-list rules create and delete

Adds new rules for the IPv6 access-list from the config-ipv6-acl mode.


Syntax for L3 protocols {protocol-number \| ipv6 \| icmpv6}	`sequence <seq-number> {permit \| deny} {protocol-number \| ipv6 \| icmpv6} <source-ipv6-address> <destination-ipv6-address> [dscp <dscp-value>]`
Command mode	ACL IPv6 mode
Parameters	`seq-number` – Sequence number for the ACL rule. Range: 1 – 65535. `permit` – Forward the traffic. `deny` – Drop the traffic. `protocol-number` – Supported protocol number (1, 2, 6, 17, 46, 47, 51, 58, 103, 115). Range: 0 – 255. `ipv6` – IPv6 packets. `icmpv6` – ICMPv6 packets. `source-ipv6-address` – Can be one of the below value: `A::B/mask` – Source IPv6 prefix. `any` – Keyword for matching any IPv6 address. `src-host <ipv6-address>` – Source Host IPv6 address. `destination-ipv6-address` – Can be one of the below value: `A::B/mask` – Destination IPv6 prefix. `any` – Keyword for matching any IPv6 address. `dst-host <ipv6-address>` – Destination Host IPv6 address. `dscp-value` – Considers only packets matching DSCP value. Range: 0 – 63.
Syntax for L4 protocols {tcp \| udp}	`sequence <seq-number> {permit \| deny} {tcp \| udp} <source-ipv6-address> [src-eq <src-l4-port>\| src-gt <src-start-l4-port> \| src-lt <src-end-l4-port> \| src-range <src-start-l4-port> <src-end-l4-port>] <destination-ipv6-address> [dst-eq <dst-l4-port>\| dst-gt <dst-start-l4-port> \| dst-lt <dst-end-l4-port> \| dst-range <dst-start-l4-port> <dst-end-l4-port>] [ack \| fin \| psh \| rst \| syn \| urg] [dscp <dscp-value>]`
Parameters	`src-l4-port` – L4 port number. Range: 0 – 65535. `src-start-l4-port` – Matches all L4 source port number greater than the given L4 port number. Range: 0 – 65534. `src-end-l4-port` – Matches all L4 source port number lesser than the given L4 port number. Range: 1 – 65535. `dst-l4-port` – L4 port number. Range: 0 – 65535. `dst-start-l4-port` – Matches all L4 destination port number greater than the given L4 port number. Range: 0 – 65534. `dst-end-l4-port` – Matches all L4 destination port number lesser than the given L4 port number. Range: 1 – 65535. `ack \| fin \| psh \| rst \| syn \| urg` – Matches the TCP flags. Applicable only for TCP protocol.
Usage	Use the `no sequence <sequence-number>` command to remove the access-list rule corresponding to given sequence number.
Supported Releases	1.0.0 or later
Click command	`config acl update {full \| incremental} <filename>` `full` – Full update of ACL rules configuration. `incremental` – Incremental update of ACL rule configuration.
Example `sonic(config)# ipv6 access-list ipv6_access_name sonic(config-ipv6-acl)# sequence 1 permit ipv6 1::1/64 2::2/64 dscp 63 sonic(config-ipv6-acl)# sequence 2 deny tcp src-host 1::1 src-eq 1000 dst-host 2::2 dst-range 2000 4000 ack urg dscp 63 sonic# configure terminal sonic(config)# ipv6 access-list ipv6_access_name sonic(config-ipv6-acl)# no sequence 1 sonic(config-ipv6-acl)# no sequence 2`

Last updated: October 8, 2024