IPv6 Access Control List Definition

Access lists configured through localized data policy are called explicit ACLs. Explicit ACLs can be applied to any interface in any VPN on the device.

Diagram

Classes

definitions (sdwan.localized_policies)

Name	Type	Constraint	Mandatory	Default Value
ipv6_access_control_lists	List	[ipv6_access_control_lists]	No

ipv6_access_control_lists (sdwan.localized_policies.definitions)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: ^[A-Za-z0-9-_]{1,128}$	Yes
description	String		Yes
default_action	Choice	accept, drop	Yes
sequences	List	[sequences]	No

sequences (sdwan.localized_policies.definitions.ipv6_access_control_lists)

Name	Type	Constraint	Mandatory	Default Value
id	Integer	min: 1, max: 65534	Yes
name	String		No
base_action	Choice	accept, drop	Yes
match_criterias	Class	[match_criterias]	No
actions	Class	[actions]	No

match_criterias (sdwan.localized_policies.definitions.ipv6_access_control_lists.sequences)

Name	Type	Constraint	Mandatory	Default Value
class	String	Regex: ^[A-Za-z0-9-_]{1,128}$	No
destination_data_prefix_list	String	Regex: ^[A-Za-z0-9-_]{1,128}$	No
destination_ip_prefix	IP		No
destination_port_ranges	List	[destination_port_ranges]	No
destination_ports	List	Integer[min: 0, max: 65535]	No
next_header	Integer	min: 0, max: 255	No
packet_length	Integer	min: 0, max: 65535	No
priority	Choice	high, low	No
source_data_prefix_list	String	Regex: ^[A-Za-z0-9-_]{1,128}$	No
source_ip_prefix	IP		No
source_port_ranges	List	[source_port_ranges]	No
source_ports	List	Integer[min: 0, max: 65535]	No
tcp	Choice	syn	No
traffic_class	Integer	min: 0, max: 63	No

actions (sdwan.localized_policies.definitions.ipv6_access_control_lists.sequences)

Name	Type	Constraint	Mandatory	Default Value
class	String	Regex: ^[A-Za-z0-9-_]{1,128}$	No
counter_name	String	min: 1, max: 20	No
log	Boolean	true, false	No
mirror_list	String	Regex: ^[A-Za-z0-9-_]{1,128}$	No
next_hop	IP		No
policer	String	Regex: ^[A-Za-z0-9-_]{1,128}$	No
traffic_class	Integer	min: 0, max: 63	No

destination_port_ranges (sdwan.localized_policies.definitions.ipv6_access_control_lists.sequences.match_criterias)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: 0, max: 65535	Yes
to	Integer	min: 0, max: 65535	Yes

source_port_ranges (sdwan.localized_policies.definitions.ipv6_access_control_lists.sequences.match_criterias)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: 0, max: 65535	Yes
to	Integer	min: 0, max: 65535	Yes

Examples

sdwan:
  localized_policies:
    definitions:
      ipv6_access_control_lists:
        - name: ACL-TLOCEXT-DSCP
          description: "Set traffic class based on DSCP or port"
          default_action: accept
          sequences:
            - id: 10
              name: QoS-ACL
              base_action: accept
              match_criterias:
                traffic_class: 46
                source_port_ranges:
                  - from: 1000
                    to: 1050
              actions:
                class: CLASS-REALTIME
                counter_name: 10-CLASS-REALTIME
            - id: 20
              name: AF13 traffic
              base_action: accept
              match_criterias:
                source_ports:
                  - 100
                  - 240
                traffic_class: 14
              actions:
                class: CLASS-BUSINESS
                counter_name: 20-CLASS-BUSINESS