IPv6 Access Control List Definition
Access lists configured through localized data policy are called explicit ACLs. Explicit ACLs can be applied to any interface in any VPN on the device.
Diagram
Section titled “Diagram”Classes
Section titled “Classes”definitions (sdwan.localized_policies)
Section titled “definitions (sdwan.localized_policies)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
ipv6_access_control_lists | List | [ipv6_access_control_lists] | No |
ipv6_access_control_lists (sdwan.localized_policies.definitions)
Section titled “ipv6_access_control_lists (sdwan.localized_policies.definitions)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | Regex: ^[A-Za-z0-9-_]{1,128}$ | Yes | |
description | String | Yes | ||
default_action | Choice | accept , drop | Yes | |
sequences | List | [sequences] | No |
sequences (sdwan.localized_policies.definitions.ipv6_access_control_lists)
Section titled “sequences (sdwan.localized_policies.definitions.ipv6_access_control_lists)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
id | Integer | min: 1 , max: 65534 | Yes | |
name | String | No | ||
base_action | Choice | accept , drop | Yes | |
match_criterias | Class | [match_criterias] | No | |
actions | Class | [actions] | No |
match_criterias (sdwan.localized_policies.definitions.ipv6_access_control_lists.sequences)
Section titled “match_criterias (sdwan.localized_policies.definitions.ipv6_access_control_lists.sequences)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
class | String | Regex: ^[A-Za-z0-9-_]{1,128}$ | No | |
destination_data_prefix_list | String | Regex: ^[A-Za-z0-9-_]{1,128}$ | No | |
destination_ip_prefix | IP | No | ||
destination_port_ranges | List | [destination_port_ranges] | No | |
destination_ports | List | Integer[min: 0 , max: 65535 ] | No | |
next_header | Integer | min: 0 , max: 255 | No | |
packet_length | Integer | min: 0 , max: 65535 | No | |
priority | Choice | high , low | No | |
source_data_prefix_list | String | Regex: ^[A-Za-z0-9-_]{1,128}$ | No | |
source_ip_prefix | IP | No | ||
source_port_ranges | List | [source_port_ranges] | No | |
source_ports | List | Integer[min: 0 , max: 65535 ] | No | |
tcp | Choice | syn | No | |
traffic_class | Integer | min: 0 , max: 63 | No |
actions (sdwan.localized_policies.definitions.ipv6_access_control_lists.sequences)
Section titled “actions (sdwan.localized_policies.definitions.ipv6_access_control_lists.sequences)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
class | String | Regex: ^[A-Za-z0-9-_]{1,128}$ | No | |
counter_name | String | min: 1 , max: 20 | No | |
log | Boolean | true , false | No | |
mirror_list | String | Regex: ^[A-Za-z0-9-_]{1,128}$ | No | |
next_hop | IP | No | ||
policer | String | Regex: ^[A-Za-z0-9-_]{1,128}$ | No | |
traffic_class | Integer | min: 0 , max: 63 | No |
destination_port_ranges (sdwan.localized_policies.definitions.ipv6_access_control_lists.sequences.match_criterias)
Section titled “destination_port_ranges (sdwan.localized_policies.definitions.ipv6_access_control_lists.sequences.match_criterias)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
from | Integer | min: 0 , max: 65535 | Yes | |
to | Integer | min: 0 , max: 65535 | Yes |
source_port_ranges (sdwan.localized_policies.definitions.ipv6_access_control_lists.sequences.match_criterias)
Section titled “source_port_ranges (sdwan.localized_policies.definitions.ipv6_access_control_lists.sequences.match_criterias)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
from | Integer | min: 0 , max: 65535 | Yes | |
to | Integer | min: 0 , max: 65535 | Yes |
Examples
Section titled “Examples”sdwan: localized_policies: definitions: ipv6_access_control_lists: - name: ACL-TLOCEXT-DSCP description: "Set traffic class based on DSCP or port" default_action: accept sequences: - id: 10 name: QoS-ACL base_action: accept match_criterias: traffic_class: 46 source_port_ranges: - from: 1000 to: 1050 actions: class: CLASS-REALTIME counter_name: 10-CLASS-REALTIME - id: 20 name: AF13 traffic base_action: accept match_criterias: source_ports: - 100 - 240 traffic_class: 14 actions: class: CLASS-BUSINESS counter_name: 20-CLASS-BUSINESS