Chapter 18
P Commands
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
icmp
icmp-type
icmp-code
tcp
source-port-operator
source-port-number
udp
dest-port-operator
dest-port-operator
range
established
Defaults
None.
Command Modes
IPv6-ACL configuration submode.
Command History
Release
3.0(1)
Usage Guidelines
The following guidelines can assist you in configuring an IPv6-ACL. For complete information, refer to
the Cisco MDS 9000 Family CLI Configuration Guide.
•
Do not apply IPv6-ACLs to just one member of a PortChannel group. Apply IPv6-ACLs to the entire
Caution
channel group.
•
•
OL-8413-07, Cisco MDS SAN-OS Release 3.x
Applies the ACL to any Internet Control Message Protocol (ICMP) packet.
Specifies an ICMP message type. The range is 0 to 255.
Specifies an ICMP message code. The range is 0 255.
Applies the ACL to any TCP packet.
Specifies an operand that compares the source ports of the specified protocol.
The operands are lt (less than), gt (greater than), and eq (equals).
Specifies the port number of a TCP or UDP port. The number can be from 0
to 65535. A range requires two port numbers.
Applies the ACL to any UDP packet.
Specifies an operand that compares the destination ports of the specified
protocol. The operands are lt (less than), gt (greater than), and eq (equals).
Specifies the port number of a TCP or UDP port. The number can be from 0
to 65535. A range requires two port numbers.
Specifies a range of ports to compare for the specified protocol.
Indicates an established connection, which is defined as a packet whole SYN
flag is not set.
Modification
This command was introduced.
You can apply IPv6-ACLs to VSAN interfaces, the management interface, Gigabit Ethernet
interfaces on IPS modules and MPS-14/2 modules, and Ethernet PortChannel interfaces. However,
if IPv6-ACLs are already configured in a Gigabit Ethernet interface, you cannot add this interface
to a Ethernet PortChannel group.
Use only the TCP or ICMP options when configuring IPv6-ACLs on Gigabit Ethernet interfaces.
Configure the order of conditions accurately. Because the IPv6-ACL filters are applied sequentially
to the IP flows, the first match determines the action taken. Subsequent matches are not considered.
Be sure to configure the most important condition first. If no conditions match, the software drops
the packet.
permit (IPv6-ACL configuration)
Cisco MDS 9000 Family Command Reference
18-7