IPv6 Access Control List Definition

Access lists configured through localized data policy are called explicit ACLs. Explicit ACLs can be applied to any interface in any VPN on the device.

Diagram

Classes

definitions (sdwan.localized_policies)

Name	Type	Constraint	Mandatory	Default Value
ipv6_access_control_lists	List	`[ipv6_access_control_lists]`	No

ipv6_access_control_lists (sdwan.localized_policies.definitions)

Name	Type	Constraint	Mandatory
name	String	Regex: `^[A-Za-z0-9-_]{1,128}$`	Yes
description	String		Yes
default_action	Choice	`accept`, `drop`	Yes
sequences	List	`[sequences]`	No

sequences (sdwan.localized_policies.definitions.ipv6_access_control_lists)

Name	Type	Constraint	Mandatory
id	Integer	min: `1`, max: `65534`	Yes
name	String		No
base_action	Choice	`accept`, `drop`	Yes
match_criterias	Class	`[match_criterias]`	No
actions	Class	`[actions]`	No

match_criterias (sdwan.localized_policies.definitions.ipv6_access_control_lists.sequences)

Name	Type	Constraint	Mandatory
class	String	Regex: `^[A-Za-z0-9-_]{1,128}$`	No
destination_data_prefix_list	String	Regex: `^[A-Za-z0-9-_]{1,128}$`	No
destination_ip_prefix	IP		No
destination_port_ranges	List	`[destination_port_ranges]`	No
destination_ports	List	Integer[min: `0`, max: `65535`]	No
next_header	Integer	min: `0`, max: `255`	No
packet_length	Integer	min: `0`, max: `65535`	No
priority	Choice	`high`, `low`	No
source_data_prefix_list	String	Regex: `^[A-Za-z0-9-_]{1,128}$`	No
source_ip_prefix	IP		No
source_port_ranges	List	`[source_port_ranges]`	No
source_ports	List	Integer[min: `0`, max: `65535`]	No
tcp	Choice	`syn`	No
traffic_class	Integer	min: `0`, max: `63`	No

actions (sdwan.localized_policies.definitions.ipv6_access_control_lists.sequences)

Name	Type	Constraint	Mandatory
class	String	Regex: `^[A-Za-z0-9-_]{1,128}$`	No
counter_name	String	min: `1`, max: `20`	No
log	Boolean	`true`, `false`	No
mirror_list	String	Regex: `^[A-Za-z0-9-_]{1,128}$`	No
next_hop	IP		No
policer	String	Regex: `^[A-Za-z0-9-_]{1,128}$`	No
traffic_class	Integer	min: `0`, max: `63`	No

destination_port_ranges (sdwan.localized_policies.definitions.ipv6_access_control_lists.sequences.match_criterias)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: `0`, max: `65535`	Yes
to	Integer	min: `0`, max: `65535`	Yes

source_port_ranges (sdwan.localized_policies.definitions.ipv6_access_control_lists.sequences.match_criterias)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: `0`, max: `65535`	Yes
to	Integer	min: `0`, max: `65535`	Yes

Examples

sdwan:
  localized_policies:
    definitions:
      ipv6_access_control_lists:
        - name: ACL-TLOCEXT-DSCP
          description: "Set traffic class based on DSCP or port"
          default_action: accept
          sequences:
            - id: 10
              name: QoS-ACL
              base_action: accept
              match_criterias:
                traffic_class: 46
                source_port_ranges:
                  - from: 1000
                    to: 1050
              actions:
                class: CLASS-REALTIME
                counter_name: 10-CLASS-REALTIME
            - id: 20
              name: AF13 traffic
              base_action: accept
              match_criterias:
                source_ports:
                  - 100
                  - 240
                traffic_class: 14
              actions:
                class: CLASS-BUSINESS
                counter_name: 20-CLASS-BUSINESS