ipv6 access-list

Configure a IPv6 Access List

access-list Specification

Type Collection
Object Key(s) name
Collection Name access-list-list
Collection URI /axapi/v3/ipv6/access-list/
Element Name access-list
Element URI /axapi/v3/ipv6/access-list/{name}
Element Attributes access-list_attributes
Schema access-list schema

Operations Allowed:

Operation Method URI Payload

Create Object

POST

/axapi/v3/ipv6/access-list/

access-list Attributes

Create List

POST

/axapi/v3/ipv6/access-list/

access-list Attributes

Get Object

GET

/axapi/v3/ipv6/access-list/{name}

access-list Attributes

Get List

GET

/axapi/v3/ipv6/access-list/

access-list-list

Modify Object

POST

/axapi/v3/ipv6/access-list/{name}

access-list Attributes

Replace Object

PUT

/axapi/v3/ipv6/access-list/{name}

access-list Attributes

Replace List

PUT

/axapi/v3/ipv6/access-list/

access-list-list

Delete Object

DELETE

/axapi/v3/ipv6/access-list/{name}

access-list Attributes

access-list-list

access-list-list is JSON List of access-list Attributes

access-list-list : [

access-list Attributes

name

Description: Named Access List

Type: string

Required: Yes

rules

Description: rules is a JSON List . Please see below for rules

Type: List

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

rules

Specification
Type list
Block object keys

acl-log

Description: Log matches against this entry

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

action

Description: ‘deny’: Deny; ‘permit’: Permit; ‘l3-vlan-fwd-disable’: Disable L3 forwarding between VLANs;

Type: string

Supported Values: deny, permit, l3-vlan-fwd-disable

any-code

Description: Any ICMP code

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: any-code icmp-code and special-code are mutually exclusive

any-type

Description: Any ICMP type

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: any-type icmp-type and special-type are mutually exclusive

dscp

Description: DSCP

Type: number

Range: 1-63

dst-any

Description: Any destination host

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: dst-any dst-host, dst-subnet and dst-object-group are mutually exclusive

dst-eq

Description: Match only packets on a given destination port (port number)

Type: number

Range: 1-65535

Mutual Exclusion: dst-eq dst-gt, dst-lt and dst-range are mutually exclusive

dst-gt

Description: Match only packets with a greater port number

Type: number

Range: 1-65534

Mutual Exclusion: dst-gt dst-eq, dst-lt and dst-range are mutually exclusive

dst-host

Description: A single destination host (Host address)

Type: string

Format: ipv6-address

Mutual Exclusion: dst-host dst-any, dst-subnet and dst-object-group are mutually exclusive

dst-lt

Description: Match only packets with a lesser port number

Type: number

Range: 2-65535

Mutual Exclusion: dst-lt dst-eq, dst-gt and dst-range are mutually exclusive

dst-object-group

Description: Destination network object group name (Source network object group name)

Type: string

Mutual Exclusion: dst-object-group dst-any, dst-host and dst-subnet are mutually exclusive

dst-port-end

Description: Edning Destination Port Number

Type: number

Range: 1-65535

dst-range

Description: Match only packets in the range of port numbers (Starting Destination Port Number)

Type: number

Range: 1-65535

Mutual Exclusion: dst-range dst-eq, dst-gt and dst-lt are mutually exclusive

dst-subnet

Description: Destination Address

Type: string

Format: ipv6-address-plen

Mutual Exclusion: dst-subnet dst-any, dst-host and dst-object-group are mutually exclusive

established

Description: TCP established

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

fragments

Description: IP fragments

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

geo-location

Description: Specify geo-location name

Type: string

Mutual Exclusion: geo-location icmp, tcp, udp, ipv6 and service-obj-group are mutually exclusive

icmp

Description: Internet Control Message Protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: icmp tcp, udp, ipv6, service-obj-group and geo-location are mutually exclusive

icmp-code

Description: ICMP code number

Type: number

Range: 0-254

Mutual Exclusion: icmp-code any-code and special-code are mutually exclusive

icmp-type

Description: ICMP type number

Type: number

Range: 0-254

Mutual Exclusion: icmp-type any-type and special-type are mutually exclusive

ipv6

Description: Any Internet Protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: ipv6 icmp, tcp, udp, service-obj-group and geo-location are mutually exclusive

remark

Description: Access list entry comment (Notes for this ACL)

Type: string

Format: string-rlx

seq-num

Description: Sequence Number

Type: number

Range: 1-8192

service-obj-group

Description: Service object group (Source object group name)

Type: string

Mutual Exclusion: service-obj-group icmp, tcp, udp, ipv6 and geo-location are mutually exclusive

special-code

Description: ‘addr-unreachable’: Code 3, address unreachable; ‘admin-prohibited’: Code 1, admin prohibited; ‘no-route’: Code 0, no route to destination; ‘not-neighbour’: Code 2, not neighbor; ‘port-unreachable’: Code 4, destination port unreachable;

Type: string

Supported Values: addr-unreachable, admin-prohibited, no-route, not-neighbour, port-unreachable

Mutual Exclusion: special-code any-code and icmp-code are mutually exclusive

special-type

Description: ‘echo-reply’: Type 129, echo reply; ‘echo-request’: help Type 128, echo request; ‘packet-too-big’: Type 2, packet too big; ‘param-prob’: Type 4, parameter problem; ‘time-exceeded’: Type 3, time exceeded; ‘dest-unreachable’: Type 1, destination unreachable;

Type: string

Supported Values: echo-reply, echo-request, packet-too-big, param-prob, time-exceeded, dest-unreachable

Mutual Exclusion: special-type icmp-type and any-type are mutually exclusive

src-any

Description: Any source host

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: src-any src-host, src-subnet and src-object-group are mutually exclusive

src-eq

Description: Match only packets on a given source port (port number)

Type: number

Range: 1-65535

Mutual Exclusion: src-eq src-gt, src-lt and src-range are mutually exclusive

src-gt

Description: Match only packets with a greater port number

Type: number

Range: 1-65534

Mutual Exclusion: src-gt src-eq, src-lt and src-range are mutually exclusive

src-host

Description: A single source host (Host address)

Type: string

Format: ipv6-address

Mutual Exclusion: src-host src-any, src-subnet and src-object-group are mutually exclusive

src-lt

Description: Match only packets with a lower port number

Type: number

Range: 2-65535

Mutual Exclusion: src-lt src-eq, src-gt and src-range are mutually exclusive

src-object-group

Description: Network object group (Source network object group name)

Type: string

Mutual Exclusion: src-object-group src-any, src-host and src-subnet are mutually exclusive

src-port-end

Description: Ending Port Number

Type: number

Range: 1-65535

src-range

Description: match only packets in the range of port numbers (Starting Port Number)

Type: number

Range: 1-65535

Mutual Exclusion: src-range src-eq, src-gt and src-lt are mutually exclusive

src-subnet

Description: Source Address

Type: string

Format: ipv6-address-plen

Mutual Exclusion: src-subnet src-any, src-host and src-object-group are mutually exclusive

tcp

Description: protocol TCP

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: tcp icmp, udp, ipv6, service-obj-group and geo-location are mutually exclusive

udp

Description: protocol UDP

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: udp icmp, tcp, ipv6, service-obj-group and geo-location are mutually exclusive

vlan

Description: VLAN ID

Type: number

Range: 1-4094