EasyManua.ls Logo

3Com Switch 4800G 24-Port - Configuring an Advanced Ipv6 ACL

3Com Switch 4800G 24-Port
1246 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
852 CHAPTER 64: IPV6 ACL CONFIGURATION
n
You will fail to create or modify a rule if its permit/deny statement is exactly the
same as another rule. In addition, if the ACL match order is set to auto rather
than config, you cannot modify ACL rules.
You may use the display acl command to verify rules configured in an ACL. If
the match order for this ACL is auto, rules are displayed in the depth-first
match order rather than by rule number.
c
CAUTION:
You can modify the match order of an IPv6 ACL with the acl ipv6 number
acl6-number [ name acl6-name ] match-order { auto | config } command but
only when it does not contain any rules.
The rule specified in the rule comment command must have existed.
Configuration Examples # Create IPv6 ACL 2000 to permit IPv6 packets with source address
2030:5060::9050/64 to pass while denying IPv6 packets with source address
fe80:5060::8050/96.
<Sysname> system-view
[Sysname] acl ipv6 number 2000
[Sysname-acl6-basic-2000] rule permit source 2030:5060::9050/64
[Sysname-acl6-basic-2000] rule deny source fe80:5060::8050/96
# Verify the configuration.
[Sysname-acl6-basic-2000] display acl ipv6 2000
Basic IPv6 ACL 2000, named -none-, 2 rules,
ACL’s step is 5
rule 0 permit source 2030:5060::9050/64
rule 5 deny source FE80:5060::8050/96
Configuring an
Advanced IPv6 ACL
Advanced ACLs filter packets based on the source IPv6 address, destination IPv6
address, protocol carried on IPv6, and other protocol header fields such as the
TCP/UDP source port, TCP/UDP destination port, ICMP message type, and ICMP
message code.
Advanced IPv6 ACLs are numbered in the range 3000 to 3999. Compared with
basic IPv6 ACLs, they allow of more flexible and accurate filtering.
Configuration
Prerequisites
If you want to reference a time range to a rule, define it with the time-range
command first.
Configuration Procedure Follow these steps to configure an advanced IPv6 ACL:
Create an IPv6 ACL
description
description text Optional
By default, no IPv6 ACL description is
present.
Create a rule
description
rule rule-id comment text Optional
By default, no rule description is present.
To do… Use the command… Remarks

Table of Contents

Related product manuals