Skip to main content
Cisco SD-WAN
Support
Product Documentation
Viptela Documentation

match

policy ipv6 access-list sequence match—Define the properties that must be matched so that an IPv6 policy action can take effect (on vEdge routers only).

Command Hierarchy

For Localized Data Policy for IPv6

Configure on vEdge routers only.

policy ipv6
  access-list acl-name    
    sequence number
      match
        class class-name
        destination-port number
        next-header protocol
        packet-length number
        plp (high | low)
        source-port number
        tcp flag
        traffic-class value

Options

For Localized Data Policy for IPv6

Classification
class class-name
Match the specified class name. The name can be from 1 through 32 characters.
Destination Port
destination-port number
Match a destination port number. number can be 0 though 65535. Specify a single number, a list of numbers (with numbers separated by a space), or a range of numbers (with the two numbers separated with a hyphen [-]).
Next Protocol
next-header protocol
Match the next TCP or IP protocol in the IPv6 header. protocol is the number of an IPv6 protocol, and can be a value from 0 through 255.
Packet Length
packet-length number
Match packets of the specified length. The packet length is a combination of the lengths of the IPv6 header and the packet payload. number can be 0 though 65535. Specify a single length, a list of lengths (with numbers separated by a space), or a range of lengths (with the two numbers separated with a hyphen [-])
Packet Loss Priority
plp (high | low)
Match a packet's loss priority (PLP). By default, packets have a PLP value of low. To set a packet's PLP value to high, apply a policer that includes the exceed remark option.
Source Port
source-port number
Match a source port. number can be 0 through 65535. Specify a single number, a list of numbers (with numbers separated by a space), or a range of numbers (with the two numbers separated with a hyphen [-]).
TCP Flag
tcp flag
Match TCP flags. flag can be syn.
Traffic Class
traffic-class number
Match the specified traffic class value. number can be from 0 through 63.

Operational Commands

show running-config policy

Example

Configure an IPv6 ACL that changes the traffic class on TCP port 80 data traffic, and apply the ACL to an interface in VPN 0:

vEdge# show running-config policy ipv6 access-list 
policy
 ipv6 access-list traffic-class-48-to-46
 sequence 10
  match
   destination-port 80
   traffic-class    48
  !
  action accept
   count port_80
   log
   set
    traffic-class 46
   !
  !
 !
 default-action accept
 !
!
vEdge# show running-config vpn 0 interface ge0/7 ipv6
vpn 0
 interface ge0/7
  ipv6 access-list traffic-class-48-to-46 in
 !
!

Release Information

Command introduced in Viptela Software Release 14.1.​
In Release 16.3, add support for IPv6 ACLs.

Additional Information

See the Policy Overview article for your software release.
match (for IPv4)

  • Was this article helpful?