BigIron RX Series Configuration Guide 53-1001986-01

For TCP and UDP, you can also specify a comparison operator and port name or number. For example, you can configure a policy to block web access to a specific website by denying all TCP port 80 (HTTP) packets from a specified source IPv6 address to the website's IPv6 address.

IPv6 ACLs also provide support for filtering packets based on DSCP.

This chapter contains the following sections:
• "Using IPv6 ACLs as input to other features"
• "Configuring an IPv6 ACL"
• "Applying an IPv6 ACL to an interface"
• "Adding a comment to an IPv6 ACL entry"
• "Displaying ACLs"

Using IPv6 ACLs as input to other features

You can use an IPv6 ACL to provide input to other features such as route maps and distribution lists. When you use an ACL this way, use permit statements in the ACL to specify the traffic that you want to send to the other feature. If you use deny statements, the traffic specified by the deny statements is not supplied to the other feature.

Configuring an IPv6 ACL

To configure an IPv6 ACL, you must do the following:
• Create the ACL
• Apply the ACL to an interface

Example configurations

To configure an access list that blocks all Telnet traffic received on port 1/1 from IPv6 host 2000:2382:e0bb::2, enter the following commands.

BigIron RX(config)# ipv6 access-list fdry
BigIron RX(config-ipv6-access-list-fdry)# deny tcp host 2000:2382:e0bb::2 any eq telnet
BigIron RX(config-ipv6-access-list-fdry)# permit ipv6 any any
BigIron RX(config-ipv6-access-list-fdry)# exit
BigIron RX(config)# int eth 1/1
BigIron RX(config-if-1/1)# ipv6 traffic-filter fdry in
BigIron RX(config)# write memory

Here is another example of commands for configuring an ACL and applying it to an interface.
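
As an added illustration that is not part of the guide: because an IPv6 ACL filters nothing until it is both created and applied to an interface, the Python sketch below audits a saved configuration for ACLs that are defined but never applied, and for traffic-filter lines that name an ACL that does not exist. The configuration layout (indented entries, "!" separators, "interface ethernet" lines), the ACL names "unused" and "missing", and the function name audit are assumptions made for the example; only the "ipv6 access-list" and "ipv6 traffic-filter ... in" command forms come from the text above.

```python
import re

# Constructed sample configuration; the layout is assumed, not taken from a device.
SAMPLE_CONFIG = """\
ipv6 access-list fdry
 deny tcp host 2000:2382:e0bb::2 any eq telnet
 permit ipv6 any any
!
ipv6 access-list unused
 permit ipv6 any any
!
interface ethernet 1/1
 ipv6 traffic-filter fdry in
!
interface ethernet 1/2
 ipv6 traffic-filter missing in
"""

ACL_RE = re.compile(r"^ipv6 access-list (\S+)$")
IF_RE = re.compile(r"^int\S*\s+eth\S*\s+(\S+)$")  # accepts "int eth 1/1" too
APPLY_RE = re.compile(r"^ipv6 traffic-filter (\S+) in$")

def audit(config):
    """Compare the ACLs a configuration defines with the ACLs it applies."""
    defined, bindings = set(), []
    cur_if = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := ACL_RE.match(line):
            defined.add(m.group(1))
            cur_if = None
        elif m := IF_RE.match(line):
            cur_if = m.group(1)
        elif line == "!":
            cur_if = None  # separator ends the current interface block
        elif cur_if and (m := APPLY_RE.match(line)):
            bindings.append((cur_if, m.group(1)))
    applied = {name for _, name in bindings}
    return {
        "bindings": bindings,
        "defined_not_applied": sorted(defined - applied),
        "applied_not_defined": sorted(applied - defined),
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

An ACL reported under defined_not_applied may still be in use as input to a route map or distribution list, so treat that finding as a prompt to check rather than as an error.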