ipv6 access-list icmpv6

Use this command to permit or deny IPv6 ICMP packets with the given source and destination IPv6 address, DSCP value, VLAN identifier, inner VLAN identifier, fragments, and flow label.

Use the no form of this command to remove an ACL specification.

Configuring same filter again with change of sequence number or change of action will result in update of sequence number or filter action.

Command Syntax

Copy 
(<1-268435453>|)(deny|permit) (icmpv6) (X:X::X:X/M|X:X::X:X X:X::X:X|any) (X:X::X:X/ M|X:X::X:X X:X::X:X|any) (beyond-scope| destination-unreachable| echo-reply| echo-request| header| hop-limit| mld-query| mld-reduction| mld-report| nd-na| nd-ns| next-header| no-admin| no-route| packet-too-big| parameter-option| parameter-problem| port-unreachable| reassembly-timeout| redirect| renum-command| renum-result| renum-seq-number| router-advertisement| router-renumbering| router-solicitation| time-exceeded| unreachable | (<0-255> (<0-255>|)|)) (dscp (<0-63>|af11| af12| af13| af21| af22| af23| af31|af32| af33| af41| af42| af43| cs1| cs2| cs3| cs4| cs5|cs6| cs7| default| ef)|) (flow-label <0-1048575>|) (fragments|)(vlan <1-4094>|)(inner-vlan <1-4094>|) (log|) (sample|)((redirect-to-port IFNAME)|)
       
no (<1-268435453>|)(deny|permit) (icmpv6) (X:X::X:X/M|X:X::X:X X:X::X:X|any) (X:X::X:X/M|X:X::X:X X:X::X:X|any) (beyond-scope| destination-unreachable| echo-reply| echo-request| header| hop-limit| mld-query| mld-reduction| mld-report| nd-na| nd-ns| next-header| no-admin| no-route| packet-too-big| parameter-option| parameter-problem| port-unreachable| reassembly-timeout| redirect| renum-command| renum-result| renum-seq-number| router-advertisement| router-renumbering| router-solicitation| time-exceeded| unreachable | (<0-255> (<0-255>|)|)) (dscp (<0-63>|af11| af12| af13| af21| af22| af23| af31|af32| af33| af41| af42| af43| cs1| cs2| cs3| cs4| cs5|cs6| cs7| default| ef )|) (flow-label <0-1048575>|) (fragments|)(vlan <1-4094>|)(inner-vlan <1-4094>|)(log|) (sample|)((redirect-to-port IFNAME)|)
        

Parameters

<1-268435453>

IPv6 ACL sequence number.

deny

Drop the packet.

permit

Accept the packet.

icmpv6

Internet Control Message Protocol packet.

X:X::X:X/M

Source Address with network mask length.

X:X::X:X X:X::X:X

Source Address with wild card mask.

any

Any source address.

X:X::X:X/M

Destination address with network mask length.

X:X::X:X X:X::X:X

Destination address with wild card mask.

any

Any destination address

beyond-scope

Destination beyond scope

destination-unreachable

Destination address is unreachable

echo-reply

Echo reply

echo-request

Echo request (ping)

header

Parameter header problems

hop-limit

Hop limit exceeded in transit

mld-query

Multicast Listener Discovery Query

mld-reduction

Multicast Listener Discovery Reduction

mld-report

Multicast Listener Discovery Report

nd-na

Neighbor discovery neighbor advertisements

nd-ns

Neighbor discovery neighbor solicitations

next-header

Parameter next header problems

no-admin

Administration prohibited destination

no-route

No route to destination

packet-too-big

Packet too big

parameter-option

Parameter option problems

parameter-problem

All parameter problems

port-unreachable

Port unreachable

reassembly-timeout

Reassembly timeout

redirect

Neighbor redirect

renum-command

Router renumbering command

renum-result

Router renumbering result

renum-seq-number

Router renumbering sequence number reset

router-advertisement

Neighbor discovery router advertisements

router-renumbering

All router renumbering

router-solicitation

Neighbor discovery router solicitations

time-exceeded

All time exceeded messages

unreachable

All unreachable

<0-255>

ICMPv6 message type

<0-255>

ICMPv6 message code

dscp

Match packets with given DSCP value.

<0-63>

Enter DSCP value between 0-63.

af11

AF11 DSCP (001010) decimal value 10.

af12

AF12 DSCP (001100) decimal value 12.

af13

AF13 DSCP (001110) decimal value 14.

af21

AF21 DSCP (010010) decimal value 18.

af22

AF22 DSCP (010100) decimal value 20.

af23

AF23 DSCP (010110) decimal value 22.

af31

AF31 DSCP (011010) decimal value 26.

af32

AF32 DSCP (011100) decimal value 28.

af33

AF33 DSCP (011110) decimal value 30.

af41

AF41 DSCP (100010) decimal value 34

af42

AF42 DSCP (100100) decimal value 36.

af43

AF43 DSCP (100110) decimal value 38.

cs1

CS1 (precedence 1) DSCP (001000) decimal value 8.

cs2

CS2 (precedence 2) DSCP (010000) decimal value 16.

cs3

CS3 (precedence 3) DSCP (011000) decimal value 24.

cs4

CS4 (precedence 4) DSCP (100000) decimal value 32.

cs5

CS5 (precedence 5) DSCP (101000) decimal value 40.

cs6

CS6 (precedence 6) DSCP (110000) decimal value 48.

cs7

CS7 (precedence 7) DSCP (111000) decimal value 56.

default

Default DSCP (000000) decimal value 0.

ef

EF DSCP (101110) decimal value 46.

flow-label

IPv6 Flow-label.

<0-1048575>

IPv6 Flow-label value.

fragments

Check non-initial fragments.

vlan <1-4094>

Match packets with given VLAN identifier.

inner-vlan <1-4094>

Match packets with given inner VLAN identifier.

redirect-to-port

Redirect the packet (in-direction only)

IFNAME

Interface name to which packet to be redirected (switchport only)

log

Log the packets matching the filter (in-direction only). sample Sample the packets matching the filter (in-direction only).

sample

Sample the packets matching the filter (in-direction only).

Default

No default value is specified

Command Mode

IPv6 access-list mode

Applicability

This command was introduced before OcNOS version 1.3.

Examples

Copy 

#configure terminal
(config)#ipv6 access-list mylist
(config-ipv6-acl)#200 permit icmpv6 any any 
            
Copy 

(config-ipv6-acl)#200 permit icmpv6 any any fragments