L3 Extended and Policy ACL Rule Protocols and Other Options

For an extended or policy ACL, the following protocols can be specified in a rule:

• A specific or all Internet protocols
• Encapsulation Security Payload
• Generic Router Encapsulation protocol
• An established TCP connection
• Transmission Control Protocol (TCP)
• User Datagram Protocol (UDP)
• Internet Control Message Protocol (ICMP or ICMPv6)

TCP and UDP rules can match source and destination ports against the following values: equal to, not equal to, greater than, less than, or a specified range. TCP rules can also distinguish established connections from new connection requests.

ICMP can be set for message type and code. See the details for the permit and deny commands in the S-, K-, and 7100 Series CLI Reference Guide for supported ICMP message types and codes.

Extended and policy ACLs can optionally be set for a Diffserv codepoint (DSCP), IP precedence, or IP Type of Service (ToS) value for both IPv4 and IPv6. IPv6 provides additional support for routing header match against source-routed packet, and the packet‘s routing extension header, mobility extension header, and mobility-type extension header.