13-5
Introduction to IPv6 ACL
This section covers these topics:
z IPv6 ACL Classification
z IPv6 ACL Naming
z IPv6 ACL Match Order
z IPv6 ACL Step
z Effective Period of an IPv6 ACL
IPv6 ACL Classification
IPv6 ACLs, identified by ACL numbers, fall into three categories, as shown in Table 13-2.
Table 13-2 IPv6 ACL categories
Category ACL number Matching criteria
Basic IPv6 ACL
2000 to 2999 Source IPv6 address
Advanced IPv6 ACL 3000 to 3999
Source IPv6 address, destination IPv6 address,
protocol carried over IPv6, and other Layer 3 or
Layer 4 protocol header information
IPv6 ACL Naming
When creating an IPv6 ACL, you can specify a unique name for it. Afterwards, you can identify the
IPv6 ACL by its name.
An IPv6 ACL can have only one name. Whether to specify a name for an ACL is up to you. After
creating an ACL, you cannot specify a name for it, nor can you change or remove its name.
The name of an IPv6 ACL must be unique among IPv6 ACLs. However, an IPv6 ACL and an IPv4 ACL
can share the same name.
IPv6 ACL Match Order
Similar to IPv4 ACLs, an IPv6 ACL consists of multiple rules, each of which specifies different matching
criteria. These criteria may have overlapping or conflicting parts. The match order is for determining
how a packet should be matched against the rules.
Two match orders are available for IPv6 ACLs:
z config: Packets are compared against ACL rules in the order the rules are configured.
z auto: Packets are compared against ACL rules in the depth-first match order.
The term depth-first match has different meanings for different types of IPv6 ACLs:
Depth-first match for a basic IPv6 ACL
The following shows how your device performs depth-first match in a basic IPv6 ACL:
To Next Page
Loading...
