You are here: Home > CLI Commands > Just_CLI_Topics > netexthdr

netexthdr

netexthdr <name>

eh <eh-type> deny | permit

Description

This command allows you to edit the packet filter options in the extension header (EH).

Syntax

Parameter

Description

Default

<-name>

Specify the EH alias name.

default

eh <eh-type>

Specify one of the following EH types:

<0-255>: Matches the IPv6 next header type

authentication: Matches the IPv6 authentication header

dest-option: Matches the IPv6 destination-option header

esp: Matches the IPv6 encapsulation security payload header

fragment: Matches the IPv6 fragment header

hop-by-hop: Matches the IPv6 hop-by-hop header

mobility: Matches the IPv6 mobility header

routing: Matches the IPv6 routing header

deny

Denies the IPv6 packets matching the specified extended header type.

permit

Permits the IPv6 packets matching the specified extended header type.

NOTE: By default, all the EH types are supported in the default EH.

Usage Guidelines

ArubaOS firewallFirewall is a network security system used for preventing unauthorized access to or from a private network. is enhanced to process the IPv6 extension header (EH) to enable IPv6 packet filtering. You can filter the incoming IPv6 packets based on the EH type. You can edit the packet filter options in the default EH, using this command. By default, the default EH alias permits all EH types.

Example

The following command denies the IPv6 packets matching the specified extended header type in the default EH:

(host)[node](config #netexthdr default

(host)[node](config-exthdr) #eh authentication deny

Related Commands

(host) #show netexthdr <alias-name>

Command History

Release

Modification

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

License

Command Mode

All platforms

Base operating system.

Config mode on Mobility Master.

/*]]>*/