HP Cisco MDS 9216A Cisco Nexus 5000 Series Command Reference Release 4.0(1a)N2 - Page 401
object-group ipv6 address, established, IPv6 ACL configuration
Chapter 6 Security Commands
permit (IPv6)

established
(TCP only; Optional) Specifies that the rule matches only packets that belong to an established TCP connection. The device considers TCP packets with the ACK or RST bits set to belong to an established connection.

flags
(TCP only; Optional) Rule matches only packets that have specific TCP control bit flags set. The value of the flags argument must be one or more of the following keywords:
• ack
• fin
• psh
• rst
• syn
• urg

Command Default
None

Command Modes
IPv6 ACL configuration

Command History
Release          Modification
4.0(1a)N1(1)     This command was introduced.

Usage Guidelines
A newly created IPv6 ACL contains no rules.

When the device applies an IPv6 ACL to a packet, it evaluates the packet with every rule in the ACL. The device enforces the first rule whose conditions are satisfied by the packet. When the conditions of more than one rule are satisfied, the device enforces the rule with the lowest sequence number.

This command does not require a license.

Source and Destination
You can specify the source and destination arguments in one of several ways. In each rule, the method you use to specify one of these arguments does not affect how you specify the other. When you configure a rule, use the following methods to specify the source and destination arguments:

• IPv6 address group object: You can use an IPv6 address group object to specify a source or destination argument. Use the object-group ipv6 address command to create and change IPv6 address group objects. The syntax is as follows:

    addrgroup address-group-name

  The following example shows how to use an IPv6 address object group named lab-svrs-1301 to specify the destination argument:

    switch(config-acl)# permit ipv6 any addrgroup lab-svrs-1301

• Address and variable-length subnet mask: You can use an IPv6 address followed by a variable-length subnet mask (VLSM) to specify a host or a network as a source or destination. The syntax is as follows:

OL-16599-01 Cisco Nexus 5000 Series Command Reference 6-67
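The rule-ordering behavior from the Usage Guidelines and the header-bit definition of the established keyword can be checked with a small model. This is an added example, not code from the Cisco reference; the Rule and Packet classes, the sample ACL and its sequence numbers are constructed for illustration, and source and destination matching is left out.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Optional

@dataclass(frozen=True)
class Rule:
    seq: int                   # sequence number; lowest matching one wins
    action: str                # "permit" or "deny"
    protocol: str              # "tcp", "udp", ... or "ipv6" for any protocol
    established: bool = False  # the TCP-only 'established' keyword

@dataclass(frozen=True)
class Packet:
    protocol: str
    tcp_flags: FrozenSet[str] = frozenset()

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.protocol not in ("ipv6", pkt.protocol):
        return False
    if rule.established:
        # Per the keyword description: ACK or RST set means "established".
        # Only header bits are inspected; no connection state is kept.
        return pkt.protocol == "tcp" and bool(pkt.tcp_flags & {"ack", "rst"})
    return True

def evaluate(acl: Iterable[Rule], pkt: Packet) -> Optional[Rule]:
    """Return the matching rule with the lowest sequence number, or None."""
    for rule in sorted(acl, key=lambda r: r.seq):
        if rule_matches(rule, pkt):
            return rule
    return None  # the page does not describe the no-match case; not modelled

# Constructed ACL, deliberately listed out of order:
#   10 permit tcp any any established
#   20 deny tcp any any
#   30 permit ipv6 any any
SAMPLE_ACL = [Rule(30, "permit", "ipv6"),
              Rule(10, "permit", "tcp", established=True),
              Rule(20, "deny", "tcp")]

def verdict(flags: str, protocol: str = "tcp") -> str:
    hit = evaluate(SAMPLE_ACL, Packet(protocol, frozenset(flags.split())))
    return f"{hit.seq} {hit.action}" if hit else "no match"

if __name__ == "__main__":
    for flags in ("syn", "syn ack", "ack", "rst", "fin"):
        print(f"tcp [{flags:7}] -> {verdict(flags)}")
    print(f"udp           -> {verdict('', 'udp')}")
```

Because the established match looks only at the ACK and RST bits, it is a stateless filter and should not be treated as connection tracking when reviewing an ACL.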