Adding Rules (ACEs) for an IPv6-Based ACL
- Click Access Control > IPv6 Based ACE. The IPv6 Based ACE page opens.
This window displays the ACE (rules) for a specified ACL (group of rules).
- Select an ACL, and click Go. All currently-defined IP ACEs for the selected ACL are displayed.
- Click Add. The Add IPv6 Based ACE page opens.
- Enter the parameters.
- ACL Name--Displays the name of the ACL to which an ACE is being added.
- Priority--Enter the priority. ACEs with higher priority are processed first.
- Action--Select the action assigned to the packet matching the ACE. The options are as follows:
- Protocol--Select to create an ACE based on a specific protocol. Select Any (IPv6) to accept all IP protocols. Otherwise select one of the following protocols:
- TCP--Transmission Control Protocol. Enables two hosts to communicate and exchange data streams. TCP guarantees packet delivery, and guarantees that packets are transmitted and received in the order they were sent.
- UDP--User Datagram Protocol. Transmits packets but does not guarantee their delivery.
- ICMP--Matches packets to the Internet Control Message Protocol (ICMP).
- Protocol ID to Match--Enter the ID of the protocol to be matched.
- Source IP Address--Select Any if all source address are acceptable or User defined to enter a source address or range of source addresses.
- Source IP Address Value--Enter the IP address to which the source IP address will be matched and its mask (if relevant).
- Source IP Prefix Length--Enter the prefix length of the source IP address.
- Destination IP Address--Select Any if all destination address are acceptable or User defined to enter a destination address or a range of destination addresses.
- Destination IP Address Value--Enter the IP address to which the destination MAC address will be matched and its mask (if relevant).
- Destination IP Prefix Length--Enter the prefix length of the IP address.
- Source Port--Select one of the following:
- Destination Port--Select one of the available values. (They are the same as for the Source Port field described above).
NOTE You must specify the IPv6 protocol for the ACL before you can configure the source and/or destination port.
- TCP Flags--Select one of more TCP flags with which to filter packets. Filtered packets are either forwarded or dropped. Filtering packets by TCP flags increases packet control, which increases network security.
- Type of Service--The service type of the IP packet.
- ICMP--If the ACL is based on ICMP, select the ICMP message type that will be used for filtering purposes. Either select the message type by name or enter the message type number. If all message types are accepted, select Any.
- ICMP Code--The ICMP messages may have a code field that indicates how to handle the message. Select one of the following options, to configure whether to filter on this code:
- Click Apply.