Configuring an Advanced IPv6 ACL
■ You will fail to create or modify a rule if its permit/deny statement is exactly the
same as another rule. In addition, if the ACL match order is set to auto rather
than config, you cannot modify ACL rules.
■ You may use the display acl command to verify rules configured in an ACL. If
the match order for this ACL is auto, rules are displayed in the depth-first
match order rather than by rule number.
CAUTION:
■ You can modify the match order of an IPv6 ACL with the acl ipv6 number
acl6-number [ name acl6-name ] match-order { auto | config } command but
only when it does not contain any rules.
■ The rule specified in the rule comment command must already exist.
Configuration Examples

# Create IPv6 ACL 3000 to permit the TCP packets with the source address 2030:5060::9050/64 to pass.
To do…: Enter system view
Use the command…: system-view
Remarks: --

To do…: Create and enter advanced IPv6 ACL view
Use the command…: acl ipv6 number acl6-number [ name acl6-name ] [ match-order { auto | config } ]
Remarks: Required
The default match order is config.
If you specify a name for an IPv6 ACL when creating the ACL, you can use the acl ipv6 name acl6-name command to enter the view of the ACL later.

To do…: Create or modify a rule
Use the command…: rule [ rule-id ] { deny | permit } protocol [ destination { dest dest-prefix | dest/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmpv6-type { icmpv6-type icmpv6-code | icmpv6-message } | logging | source { source source-prefix | source/source-prefix | any } | source-port operator port1 [ port2 ] | time-range time-name ] *
Remarks: Required
To create multiple rules, repeat this step.
Note that if the ACL is to be referenced by a QoS policy for traffic classification, the logging and fragment keywords are not supported and the operator argument cannot be:
■ neq, if the policy is for the inbound traffic,
■ gt, lt, neq or range, if the policy is for the outbound traffic.

To do…: Set a rule numbering step
Use the command…: step step-value
Remarks: Optional
The default step is 5.

To do…: Create an ACL description
Use the command…: description text
Remarks: Optional
By default, no IPv6 ACL description is present.

To do…: Create a rule description
Use the command…: rule rule-id comment text
Remarks: Optional
By default, no rule description is present.
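
A pre-check for the QoS restrictions listed in the Remarks above, as an added example that is not part of the original manual: it scans rule lines written in the rule syntax above and reports the ones a QoS policy could not reference for a given traffic direction. The function names and the sample rules are assumptions made for illustration, and the input is assumed to contain rule definitions only (no rule comment lines).

```python
# Restrictions from the Remarks for "Create or modify a rule" on this page.
UNSUPPORTED_KEYWORDS = {"logging", "fragment"}
FORBIDDEN_OPERATORS = {"inbound": {"neq"},
                       "outbound": {"gt", "lt", "neq", "range"}}
PORT_KEYWORDS = {"source-port", "destination-port"}


def qos_violations(rule, direction):
    """Return reasons why `rule` cannot be referenced by a QoS policy applied
    in `direction` ("inbound" or "outbound"); an empty list means it is fine."""
    if direction not in FORBIDDEN_OPERATORS:
        raise ValueError("direction must be 'inbound' or 'outbound'")
    tokens, problems, i = rule.split(), [], 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "time-range":
            i += 2  # skip the time range name; it may collide with a keyword
            continue
        if tok in UNSUPPORTED_KEYWORDS:
            problems.append(f"keyword '{tok}' is not supported")
        elif tok in PORT_KEYWORDS and i + 1 < len(tokens):
            op = tokens[i + 1]
            if op in FORBIDDEN_OPERATORS[direction]:
                problems.append(
                    f"{tok} operator '{op}' is not allowed for {direction} traffic")
            i += 1  # the operator token has been consumed
        i += 1
    return problems


def audit(rules, direction):
    """Map each offending rule line to its list of problems."""
    report = {r: qos_violations(r, direction) for r in rules}
    return {r: p for r, p in report.items() if p}


# Constructed sample rules written in the rule syntax shown on this page.
SAMPLE_RULES = [
    "rule 0 permit tcp source 2030:5060::9050/64",
    "rule 5 permit tcp source any destination-port gt 1023",
    "rule 10 deny udp source-port neq 53 logging",
    "rule 15 permit tcp destination-port range 20 21 time-range logging",
]

if __name__ == "__main__":
    for direction in ("inbound", "outbound"):
        for rule, problems in audit(SAMPLE_RULES, direction).items():
            print(f"[{direction}] {rule}: {'; '.join(problems)}")
```

Running the audit before binding the ACL to a QoS policy shows which rules need a port operator or keyword changed for that direction; the last sample rule uses a time range named logging to show that a name is not mistaken for the keyword.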