64
IPV6 ACL CONFIGURATION
When configuring IPv6 ACLs, go to these sections for information you are
interested in:
■ “Creating a Time Range” on page 851
■ “Configuring a Basic IPv6 ACL” on page 851
■ “Configuring an Advanced IPv6 ACL” on page 852
■ “Copying an IPv6 ACL” on page 854
■ “Displaying and Maintaining IPv6 ACLs” on page 854
■ “IPv6 ACL Configuration Example” on page 854
Creating a Time Range Refer to section “Creating a Time Range” on page 841.
Configuring a Basic
IPv6 ACL
Basic IPv6 ACLs filter packets based on source IPv6 address. They are numbered in
the range 2000 to 2999.
Configuration
Prerequisites
If you want to reference a time range to a rule, define it with the time-range
command first.
Configuration Procedure Follow these steps to configure a basic IPv6 ACL:
To do… Use the command… Remarks
Enter system view system-view --
Create and enter basic
IPv6 ACL view
acl ipv6 number
acl6-number [ name
acl6-name ]
[ match-order { auto |
config }]
Required
The default match order is config.
If you specify a name for an IPv6 ACL
when creating the ACL, you can use the
acl ipv6 name acl6-name command to
enter the view of the ACL later.
Create or modify a rule rule [ rule-id ] { deny |
permit } [ fragment |
logging | source
{ ipv6-address
prefix-length |
ipv6-address/prefix-length |
any } | time-range
time-name ] *
Required
To create multiple rules, repeat this step.
Note that the logging and fragment
keywords are not supported if the ACL
is to be referenced by a QoS policy for
traffic classification.
Set a rule numbering
step
step step-value Optional
The default step is 5.
To Next Page
Loading...
