PC1>ping SRV1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:0:4::30, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
SRV1#sh ipv6 int e0/0
Ethernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:700
No Virtual link-local address(es):
Global unicast address(es):
2001:DB8:0:3::30, subnet is 2001:DB8:0:3::/64 .....this is the correct address!
Joined group address(es):
...
PC1>ping 2001:DB8:0:3::30
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:0:3::30, timeout is 2 seconds:
!!!!! OK, so this is a name-resolution problem on PC1.
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/13/54 ms
PC1#sh running-config
..
...
ip host SRV1 10.10.3.30
ip host SRV2 10.10.1.40
no ip cef
ipv6 host SRV2 2001:DB8:0:4::40
ipv6 host SRV1 2001:DB8:0:4::30
ipv6 host PC1 2001:DB8:0:1:A8BB:CCFF:FE00:100
ipv6 host PC2 2001:DB8:0:1:A8BB:CCFF:FE00:200
...
..
PC1(config)#ipv6 host SRV1 2001:DB8:0:3::30 ....changed to the correct address!
PC1(config)#end
PC1#ping SRV1
Sending 5, 100-byte ICMP Echos to 2001:DB8:0:3::30, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
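The stale `ipv6 host` entry found above can be caught by comparing the static host table with the addresses the devices actually report. This is an added example, not part of the original post; the function names are hypothetical, and the sample text is copied from the PC1 running-config and the `sh ipv6 int` outputs shown on this page.

```python
import ipaddress
import re

# Excerpt of PC1's running-config from this page, before the fix.
PC1_CONFIG = """\
ip host SRV1 10.10.3.30
ip host SRV2 10.10.1.40
ipv6 host SRV2 2001:DB8:0:4::40
ipv6 host SRV1 2001:DB8:0:4::30
ipv6 host PC1 2001:DB8:0:1:A8BB:CCFF:FE00:100
ipv6 host PC2 2001:DB8:0:1:A8BB:CCFF:FE00:200
"""

# "sh ipv6 int" excerpts assembled from outputs shown on this page.
# SRV2 is absent on purpose: the page never shows its interface output.
OBSERVED = """\
SRV1#sh ipv6 int e0/0
IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:700
Global unicast address(es):
2001:DB8:0:3::30, subnet is 2001:DB8:0:3::/64
PC1#sh ipv6 int
IPv6 is enabled, link-local address is FE80::AABB:CCFF:FE00:100
Global unicast address(es):
2001:DB8:0:1:AABB:CCFF:FE00:100, subnet is 2001:DB8:0:1::/64 [EUI/CAL/PRE]
PC2#sh ipv6 int e0/0
IPv6 is enabled, link-local address is FE80::AABB:CCFF:FE00:200
Global unicast address(es):
2001:DB8:0:2:AABB:CCFF:FE00:200, subnet is 2001:DB8:0:2::/64 [EUI/CAL/PRE]
"""

HOST_RE = re.compile(r"^ipv6 host (\S+) (\S+)$", re.M)
PROMPT_RE = re.compile(r"^(\S+?)[#>]sh(?:ow)? ipv6 int")
ADDR_RE = re.compile(r"^\s*([0-9A-Fa-f:]+), subnet is ")


def parse_host_table(config):
    """Static name -> address map from 'ipv6 host' lines ('ip host' is ignored)."""
    return {n: ipaddress.IPv6Address(a) for n, a in HOST_RE.findall(config)}


def parse_observed(output):
    """Device name -> set of global unicast addresses seen in 'sh ipv6 int'."""
    observed, device = {}, None
    for line in output.splitlines():
        prompt = PROMPT_RE.match(line)
        if prompt:
            device = prompt.group(1)
            observed.setdefault(device, set())
        elif device and (m := ADDR_RE.match(line)):
            observed[device].add(ipaddress.IPv6Address(m.group(1)))
    return observed


def audit(config, output):
    """Classify each static entry as ok, mismatch, or unverified."""
    observed = parse_observed(output)
    report = {}
    for name, addr in parse_host_table(config).items():
        if name not in observed:
            report[name] = "unverified"      # no interface output to compare
        else:
            report[name] = "ok" if addr in observed[name] else "mismatch"
    return report


if __name__ == "__main__":
    for name, status in audit(PC1_CONFIG, OBSERVED).items():
        print(f"{name:5} {status}")
```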
PC2>ping SRV2
Sending 5, 100-byte ICMP Echos to 2001:DB8:0:4::40, timeout is 2 seconds:
% No valid route for destination
Success rate is 0 percent (0/1)
PC2>ping SRV1
Sending 5, 100-byte ICMP Echos to 2001:DB8:0:3::30, timeout is 2 seconds:
% No valid route for destination
Success rate is 0 percent (0/1)
Is it a routing problem?
PC2#sh ipv6 route
IPv6 Routing Table - default - 1 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
l - LISP
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
L FF00::/8 [0/0] ...... multicast
via Null0, receive
PC2#sh ipv6 int e0/0
Ethernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::AABB:CCFF:FE00:200
No Virtual link-local address(es):
Stateless address autoconfig enabled
No global unicast address is configured
Joined group address(es):
...
..
R2#sh ipv6 int e0/0
Ethernet0/0 is administratively down, line protocol is down ....the interface is not enabled
IPv6 is tentative, link-local address is FE80::A8BB:CCFF:FE00:200 [TEN]
No Virtual link-local address(es):
Global unicast address(es):
2001:DB8:0:2::1, subnet is 2001:DB8:0:2::/64 [TEN]
...
R2(config)#int e0/0
R2(config-if)#no sh
R2(config-if)#
*Apr 2 01:46:49.138: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
*Apr 2 01:46:50.143: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up
R2(config-if)#do sh ipv6 int e0/0
Ethernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:200
No Virtual link-local address(es):
Global unicast address(es):
2001:DB8:0:2::1, subnet is 2001:DB8:0:2::/64
...
PC2#sh ipv6 int e0/0
Ethernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::AABB:CCFF:FE00:200
No Virtual link-local address(es):
Stateless address autoconfig enabled
Global unicast address(es):
2001:DB8:0:2:AABB:CCFF:FE00:200, subnet is 2001:DB8:0:2::/64 [EUI/CAL/PRE]
valid lifetime 2591827 preferred lifetime 604627
...
PC2#ping SRV1
Sending 5, 100-byte ICMP Echos to 2001:DB8:0:3::30, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/5 ms
Step 3: The user at PC2 is much happier now, being able to access SRV1. However, the user is still having difficulty reaching SRV2. Connectivity is terrible. When the user attempts to ping SRV2, half of the packets time out.
PC2#ping SRV2
Sending 5, 100-byte ICMP Echos to 2001:DB8:0:4::40, timeout is 2 seconds:
!.!.! ....strange, half and half.
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/1/1 ms
R2#sh ipv6 route
IPv6 Routing Table - default - 12 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
...
S 2001:DB8:0:1::/64 [1/0]
via 2001:DB8:0:23::2
via 2001:DB8:0:24::2
C 2001:DB8:0:2::/64 [0/0]
via Ethernet0/0, directly connected
L 2001:DB8:0:2::1/128 [0/0]
via Ethernet0/0, receive
C 2001:DB8:0:23::/64 [0/0]
via Ethernet1/0, directly connected
L 2001:DB8:0:23::1/128 [0/0]
via Ethernet1/0, receive
C 2001:DB8:0:24::/64 [0/0]
via Ethernet1/1, directly connected
L 2001:DB8:0:24::1/128 [0/0]
via Ethernet1/1, receive
R4#sh ipv6 route
...
C 2001:DB8:0:4::/64 [0/0]
via Ethernet0/0, directly connected
L 2001:DB8:0:4::1/128 [0/0]
via Ethernet0/0, receive
C 2001:DB8:0:14::/64 [0/0]
via Ethernet2/0, directly connected
L 2001:DB8:0:14::2/128 [0/0]
via Ethernet2/0, receive
S 2001:DB8:0:23::/64 [1/0]
via 2001:DB8:0:24::1
C 2001:DB8:0:24::/64 [0/0]
via Ethernet2/1, directly connected
L 2001:DB8:0:24::2/128 [0/0]
via Ethernet2/1, receive
...Everything looks normal; the problem seems to be on SRV2.
SRV2#sh ipv6 route
...
S ::/0 [1/0] ...... default route
via 2001:DB8:0:4::1
via 2001:DB8:0:4::2 ...................(x)
C 2001:DB8:0:4::/64 [0/0]
via Ethernet0/0, directly connected
L 2001:DB8:0:4::40/128 [0/0]
via Ethernet0/0, receive
L FF00::/8 [0/0]
via Null0, receive
SRV2(config)#no ipv6 route ::/0 2001:DB8:0:4::2
PC2#ping SRV2
Sending 5, 100-byte ICMP Echos to 2001:DB8:0:4::40, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/5 ms
Step 4: ACL problem. Without disabling the existing conditions, add one entry that lets PC1 connect to SRV port 80.
PC1#telnet SRV2 80
Trying 2001:DB8:0:4::40, 80 ...
% Destination unreachable; gateway or host down
PC1#ping SRV2
Sending 5, 100-byte ICMP Echos to 2001:DB8:0:4::40, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
PC1#traceroute SRV2
Tracing the route to SRV2 (2001:DB8:0:4::40)
1 2001:DB8:0:1::1 5 msec 1 msec 1 msec
2 2001:DB8:0:14::2 1 msec 1 msec 1 msec
3 SRV2 (2001:DB8:0:4::40) 0 msec 1 msec 1 msec
R1#sh ipv6 access-list
R1# ....no ACL is configured on R1
R4#sh ipv6 access-list
IPv6 access list Outbound ....bingo!
deny tcp any host 2001:DB8:0:4::40 eq www (1 match) sequence 10
deny tcp any host 2001:DB8:0:4::40 eq 443 sequence 20
permit tcp any host 2001:DB8:0:4::40 sequence 30
permit icmp any any (22 matches) sequence 40
permit tcp any any eq telnet sequence 50
permit ipv6 any any (3 matches) sequence 60
R4#sh running-config int e2/0
Building configuration...
Current configuration : 100 bytes
!
interface Ethernet2/0
ip address 10.1.1.9 255.255.255.252
ipv6 address 2001:DB8:0:14::2/64
end
R4#sh running-config int e0/0
...
interface Ethernet0/0
ip address 10.10.4.1 255.255.255.0
ip access-group Server out
ipv6 address 2001:DB8:0:4::1/64
ipv6 traffic-filter Outbound out
end
R4(config)#ipv6 access-list Outbound
R4(config-ipv6-acl)#?
IPv6 Access List configuration commands:
default Set a command to its defaults
deny Specify packets to reject
evaluate Evaluate an access list
exit Exit from access-list configuration mode
no Negate a command or set its defaults
permit Specify packets to forward
remark Access list entry comment
sequence Sequence number for this entry
PC1#sh ipv6 int
Ethernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::AABB:CCFF:FE00:100
No Virtual link-local address(es):
Stateless address autoconfig enabled
Global unicast address(es):
2001:DB8:0:1:AABB:CCFF:FE00:100, subnet is 2001:DB8:0:1::/64 [EUI/CAL/PRE]
valid lifetime 2591890 preferred lifetime 604690
Joined group address(es):
FF02::1
FF02::1:FF00:100
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND NS retransmit interval is 1000 milliseconds
Default router is FE80::A8BB:CCFF:FE00:100 on Ethernet0/0
R4(config-ipv6-acl)#permit tcp host 2001:DB8:0:1:AABB:CCFF:FE00:100 host 2001:DB8:0:4::40 eq www sequence 5
R4#sh ipv6 access-list
IPv6 access list Outbound
permit tcp host 2001:DB8:0:1:AABB:CCFF:FE00:100 host 2001:DB8:0:4::40 eq www (3 matches) sequence 5
deny tcp any host 2001:DB8:0:4::40 eq www sequence 10
deny tcp any host 2001:DB8:0:4::40 eq 443 sequence 20
permit tcp any host 2001:DB8:0:4::40 sequence 30
permit icmp any any (22 matches) sequence 40
permit tcp any any eq telnet sequence 50
permit ipv6 any any (3 matches) sequence 60
PC1#telnet SRV2 80
Trying 2001:DB8:0:4::40, 80 ...
% Destination unreachable; gateway or host down
R4(config-ipv6-acl)#permit ?
<0-255> An IPv6 protocol number
X:X:X:X::X/<0-128> IPv6 source prefix x:x::y/<z>
ahp Authentication Header Protocol
any Any source prefix
esp Encapsulation Security Payload
hbh Hop by Hop options header
host A single source host
icmp Internet Control Message Protocol
ipv6 Any IPv6
pcp Payload Compression Protocol
sctp Streams Control Transmission Protocol
tcp Transmission Control Protocol
udp User Datagram Protocol
R4(config-ipv6-acl)#permit tcp ?
X:X:X:X::X/<0-128> IPv6 source prefix x:x::y/<z>
any Any source prefix
host A single source host
R4(config-ipv6-acl)#permit tcp host ?
X:X:X:X::X IPv6 source address x:x::y
R4(config-ipv6-acl)#permit tcp host 2001:DB8:0:1:A8BB:CCFF:FE00:100 ?
X:X:X:X::X/<0-128> IPv6 destination prefix x:x::y/<z>
any Any destination prefix
eq Match only packets on a given port number
gt Match only packets with a greater port number
host A single destination host
lt Match only packets with a lower port number
neq Match only packets not on a given port number
range Match only packets in the range of port numbers
R4(config-ipv6-acl)#permit tcp host 2001:DB8:0:1:A8BB:CCFF:FE00:100 host ?
X:X:X:X::X IPv6 destination address x:x::y
R4(config-ipv6-acl)#permit tcp host 2001:DB8:0:1:A8BB:CCFF:FE00:100 host 2001:DB8:0:4::40 ?
ack Match on the ACK bit
auth Match on authentication header
dest-option Destination Option header (all types)
dscp Match packets with given dscp value
eq Match only packets on a given port number
established Match established connections
fin Match on the FIN bit
flow-label Flow label
gt Match only packets with a greater port number
hbh Match on hop-by-hop option
log Log matches against this entry
log-input Log matches against this entry, including input
lt Match only packets with a lower port number
mobility Mobility header (all types)
mobility-type Mobility header with type
neq Match only packets not on a given port number
psh Match on the PSH bit
range Match only packets in the range of port numbers
reflect Create reflexive access list entry
routing Routing header (all types)
routing-type Routing header with type
rst Match on the RST bit
R4(config-ipv6-acl)#permit tcp host 2001:DB8:0:1:A8BB:CCFF:FE00:100 host 2001:DB8:0:4::40 eq ?
<0-65535> Port number
bgp Border Gateway Protocol (179)
chargen Character generator (19)
cmd Remote commands (rcmd, 514)
daytime Daytime (13)
discard Discard (9)
domain Domain Name Service (53)
drip Dynamic Routing Information Protocol (3949)
echo Echo (7)
exec Exec (rsh, 512)
finger Finger (79)
ftp File Transfer Protocol (21)
ftp-data FTP data connections (20)
gopher Gopher (70)
hostname NIC hostname server (101)
ident Ident Protocol (113)
irc Internet Relay Chat (194)
klogin Kerberos login (543)
kshell Kerberos shell (544)
login Login (rlogin, 513)
lpd Printer service (515)
nntp Network News Transport Protocol (119)
pim-auto-rp PIM Auto-RP (496)
pop2 Post Office Protocol v2 (109)
pop3 Post Office Protocol v3 (110)
smtp Simple Mail Transport Protocol (25)
sunrpc Sun Remote Procedure Call (111)
tacacs TAC Access Control System (49)
talk Talk (517)
telnet Telnet (23)
time Time (37)
uucp Unix-to-Unix Copy Program (540)
whois Nicname (43)
www World Wide Web (HTTP, 80)
R4(config-ipv6-acl)#permit tcp host 2001:DB8:0:1:A8BB:CCFF:FE00:100 host 2001:DB8:0:4::40 eq www ?
ack Match on the ACK bit
auth Match on authentication header
dest-option Destination Option header (all types)
dscp Match packets with given dscp value
established Match established connections
fin Match on the FIN bit
flow-label Flow label
hbh Match on hop-by-hop option
log Log matches against this entry
log-input Log matches against this entry, including input
mobility Mobility header (all types)
mobility-type Mobility header with type
psh Match on the PSH bit
reflect Create reflexive access list entry
routing Routing header (all types)
routing-type Routing header with type
rst Match on the RST bit
sequence Sequence number for this entry
syn Match on the SYN bit
time-range Specify a time-range
urg Match on the URG bit
<cr>
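Why the Step 4 entry has to sit at sequence 5 and carry PC1's exact address, shown as an added example that is not part of the original post: a first-match evaluator run over the `Outbound` list printed above. The parser covers only the `any`/`host`/`eq` forms that appear on this page, the function names are hypothetical, and `TYPED` is the source address used in the `permit ?` help walk, which differs from the address PC1 reports in `sh ipv6 int`.

```python
import ipaddress
import re

# "sh ipv6 access-list" on R4 as shown on this page, after sequence 5 was added.
ACL_AFTER = """\
permit tcp host 2001:DB8:0:1:AABB:CCFF:FE00:100 host 2001:DB8:0:4::40 eq www (3 matches) sequence 5
deny tcp any host 2001:DB8:0:4::40 eq www sequence 10
deny tcp any host 2001:DB8:0:4::40 eq 443 sequence 20
permit tcp any host 2001:DB8:0:4::40 sequence 30
permit icmp any any (22 matches) sequence 40
permit tcp any any eq telnet sequence 50
permit ipv6 any any (3 matches) sequence 60
"""
PC1 = "2001:DB8:0:1:AABB:CCFF:FE00:100"    # PC1's SLAAC address (sh ipv6 int)
PC2 = "2001:DB8:0:2:AABB:CCFF:FE00:200"
SRV2 = "2001:DB8:0:4::40"
TYPED = "2001:DB8:0:1:A8BB:CCFF:FE00:100"  # source used in the "permit ?" walk
PORTS = {"www": 80, "telnet": 23}          # named ports that appear in this ACL
ENTRY_RE = re.compile(
    r"^(permit|deny) (\S+) (any|host \S+) (any|host \S+)"
    r"(?: eq (\S+))?(?: \(\d+ match(?:es)?\))? sequence (\d+)$")


def _addr(token):  # 'any' -> None (wildcard); 'host X' -> IPv6Address(X)
    return None if token == "any" else ipaddress.IPv6Address(token.split()[1])


def parse_acl(text):
    """Parse the any/host/eq subset of IOS IPv6 ACL syntax used on this page."""
    entries = []
    for line in text.strip().splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported ACL line: {line!r}")
        action, proto, src, dst, port, seq = m.groups()
        entries.append({"seq": int(seq), "action": action, "proto": proto,
                        "src": _addr(src), "dst": _addr(dst),
                        "port": None if port is None else PORTS.get(port) or int(port)})
    return sorted(entries, key=lambda e: e["seq"])


def evaluate(acl, src, dst, proto, dport=None):
    """Return (action, sequence) of the first matching entry, top down."""
    src, dst = ipaddress.IPv6Address(src), ipaddress.IPv6Address(dst)
    for e in acl:
        if (e["proto"] in ("ipv6", proto) and e["src"] in (None, src)
                and e["dst"] in (None, dst) and e["port"] in (None, dport)):
            return e["action"], e["seq"]
    return "deny", None  # nothing matched: implicit deny at the end of the list


def scenarios():
    after = parse_acl(ACL_AFTER)
    before = [e for e in after if e["seq"] != 5]      # the list as first found
    rule = "permit tcp host {} host " + SRV2 + " eq www sequence {}"
    late = sorted(before + parse_acl(rule.format(PC1, 15)), key=lambda e: e["seq"])
    typo = sorted(before + parse_acl(rule.format(TYPED, 5)), key=lambda e: e["seq"])
    return {
        "before": evaluate(before, PC1, SRV2, "tcp", 80),
        "after": evaluate(after, PC1, SRV2, "tcp", 80),
        "after_pc2": evaluate(after, PC2, SRV2, "tcp", 80),
        "after_443": evaluate(after, PC1, SRV2, "tcp", 443),
        "permit_at_15": evaluate(late, PC1, SRV2, "tcp", 80),
        "wrong_source": evaluate(typo, PC1, SRV2, "tcp", 80),
    }


if __name__ == "__main__":
    print(*scenarios().items(), sep="\n")
```

The same permit placed at sequence 15, or entered with the `A8BB` source, leaves PC1 hitting the deny at sequence 10, while PC2 and port 443 stay blocked after the fix.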