Permit/deny options

You can use the following criteria as options for permitting or denying a packet:
  • source IPv6 address

  • destination IPv6 address

  • IPv6 protocol options:
    • all IPv6 traffic

    • IPv6 traffic of a specific protocol type (0-255)

    • IPv6 traffic for a specific TCP port or range of ports, including:
      • optional control of connection (established) traffic based on whether the initial request should be allowed

      • TCP flag (control bit) options

    • IPv6 traffic for a specific UDP port or range of ports

    • IPv6 traffic for a specific ICMP type and code

    • any of the above with specific DSCP precedence or ToS settings

Carefully plan ACL applications before configuring specific ACLs. For more information on this topic, see Configuring and assigning an ACL.