ipv6 access-list¶
Configure a IPv6 Access List
access-list Specification¶
Type Collection Object Key(s) name Collection Name access-list-list Collection URI /axapi/v3/ipv6/access-list Element Name access-list Element URI /axapi/v3/ipv6/access-list/{name} Element Attributes access-list_attributes Schema access-list schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Create Object | POST | /axapi/v3/ipv6/access-list | ||
Create List | POST | /axapi/v3/ipv6/access-list | ||
Get Object | GET | /axapi/v3/ipv6/access-list/{name} | ||
Get List | GET | /axapi/v3/ipv6/access-list | ||
Modify Object | POST | /axapi/v3/ipv6/access-list/{name} | ||
Replace Object | PUT | /axapi/v3/ipv6/access-list/{name} | ||
Replace List | PUT | /axapi/v3/ipv6/access-list | ||
Delete Object | DELETE | /axapi/v3/ipv6/access-list/{name} |
access-list-list¶
access-list-list is JSON List of access-list attributes
access-list-list : [
]
access-list attributes¶
name
Description Named Access List
Type: string
Maximum Length: 16 characters
Maximum Length: 1 characters
rules
Type: Listuser-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
rules¶
Specification Type list Block object keys acl-log
Description Log matches against this entry
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
action
Description ‘deny’: Deny; ‘permit’: Permit; ‘l3-vlan-fwd-disable’: Disable L3 forwarding between VLANs;
Type: string
Supported Values: deny, permit, l3-vlan-fwd-disable
any-code
Description Any ICMP code
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: any-code icmp-code and special-code are mutually exclusive
any-type
Description Any ICMP type
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: any-type icmp-type and special-type are mutually exclusive
dscp
Description DSCP
Type: number
Range: 1-63
dst-any
Description Any destination host
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: dst-anydst-host, dst-subnet and dst-object-group are mutually exclusive
dst-eq
Description Match only packets on a given destination port (port number)
Type: number
Range: 1-65535
Mutual Exclusion: dst-eqdst-gt, dst-lt and dst-range are mutually exclusive
dst-gt
Description Match only packets with a greater port number
Type: number
Range: 1-65534
Mutual Exclusion: dst-gtdst-eq, dst-lt and dst-range are mutually exclusive
dst-host
Description A single destination host (Host address)
Type: string
Format: ipv6-address
Mutual Exclusion: dst-hostdst-any, dst-subnet and dst-object-group are mutually exclusive
dst-lt
Description Match only packets with a lesser port number
Type: number
Range: 2-65535
Mutual Exclusion: dst-ltdst-eq, dst-gt and dst-range are mutually exclusive
dst-object-group
Description Destination network object group name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-object-groupdst-any, dst-host and dst-subnet are mutually exclusive
dst-port-end
Description Edning Destination Port Number
Type: number
Range: 1-65535
dst-range
Description Match only packets in the range of port numbers (Starting Destination Port Number)
Type: number
Range: 1-65535
Mutual Exclusion: dst-rangedst-eq, dst-gt and dst-lt are mutually exclusive
dst-subnet
Description Destination Address
Type: string
Format: ipv6-address-plen
Mutual Exclusion: dst-subnetdst-any, dst-host and dst-object-group are mutually exclusive
established
Description TCP established
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ethernet
Description Ethernet interface (Port number)
Type: number
Format: interface
fragments
Description IP fragments
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
geo-location
Description Specify geo-location name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: geo-locationicmp, tcp, udp, ipv6 and service-obj-group are mutually exclusive
icmp
Description Internet Control Message Protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: icmptcp, udp, ipv6, service-obj-group and geo-location are mutually exclusive
icmp-code
Description ICMP code number
Type: number
Range: 0-254
Mutual Exclusion: icmp-code any-code and special-code are mutually exclusive
icmp-type
Description ICMP type number
Type: number
Range: 0-254
Mutual Exclusion: icmp-type any-type and special-type are mutually exclusive
ipv6
Description Any Internet Protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: ipv6icmp, tcp, udp, service-obj-group and geo-location are mutually exclusive
remark
Description Access list entry comment (Notes for this ACL)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
seq-num
Description Sequence Number
Type: number
Range: 1-8192
service-obj-group
Description Service object group (Source object group name)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: service-obj-groupicmp, tcp, udp, ipv6 and geo-location are mutually exclusive
special-code
Description ‘addr-unreachable’: Code 3, address unreachable; ‘admin-prohibited’: Code 1, admin prohibited; ‘no-route’: Code 0, no route to destination; ‘not-neighbour’: Code 2, not neighbor; ‘port-unreachable’: Code 4, destination port unreachable;
Type: string
Supported Values: addr-unreachable, admin-prohibited, no-route, not-neighbour, port-unreachable
Mutual Exclusion: special-code any-code and icmp-code are mutually exclusive
special-type
Description ‘echo-reply’: Type 129, echo reply; ‘echo-request’: help Type 128, echo request; ‘packet-too-big’: Type 2, packet too big; ‘param-prob’: Type 4, parameter problem; ‘time-exceeded’: Type 3, time exceeded; ‘dest-unreachable’: Type 1, destination unreachable;
Type: string
Supported Values: echo-reply, echo-request, packet-too-big, param-prob, time-exceeded, dest-unreachable
Mutual Exclusion: special-type icmp-type and any-type are mutually exclusive
src-any
Description Any source host
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: src-anysrc-host, src-subnet and src-object-group are mutually exclusive
src-eq
Description Match only packets on a given source port (port number)
Type: number
Range: 1-65535
Mutual Exclusion: src-eqsrc-gt, src-lt and src-range are mutually exclusive
src-gt
Description Match only packets with a greater port number
Type: number
Range: 1-65534
Mutual Exclusion: src-gtsrc-eq, src-lt and src-range are mutually exclusive
src-host
Description A single source host (Host address)
Type: string
Format: ipv6-address
Mutual Exclusion: src-hostsrc-any, src-subnet and src-object-group are mutually exclusive
src-lt
Description Match only packets with a lower port number
Type: number
Range: 2-65535
Mutual Exclusion: src-ltsrc-eq, src-gt and src-range are mutually exclusive
src-object-group
Description Network object group (Source network object group name)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-object-groupsrc-any, src-host and src-subnet are mutually exclusive
src-port-end
Description Ending Port Number
Type: number
Range: 1-65535
src-range
Description match only packets in the range of port numbers (Starting Port Number)
Type: number
Range: 1-65535
Mutual Exclusion: src-rangesrc-eq, src-gt and src-lt are mutually exclusive
src-subnet
Description Source Address
Type: string
Format: ipv6-address-plen
Mutual Exclusion: src-subnetsrc-any, src-host and src-object-group are mutually exclusive
tcp
Description protocol TCP
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: tcpicmp, udp, ipv6, service-obj-group and geo-location are mutually exclusive
trunk
Description Ethernet trunk (trunk number)
Type: number
Format: interface
udp
Description protocol UDP
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: udpicmp, tcp, ipv6, service-obj-group and geo-location are mutually exclusive
vlan
Description VLAN ID
Type: number
Range: 1-4094