5-7
A bigger step means more numbering flexibility. This is helpful when the config rule order is adopted,
with which ACL rules are sorted in ascending order of rule ID.
If no ID is specified for a rule when the rule is created, the system automatically assigns it the smallest
multiple of the step that is bigger than the current biggest rule ID, starting with 0. For example, given the
step of 5, if the present biggest rule ID is 28, the newly defined rule will be numbered 30. If the ACL does
not contain any rule, the first defined rule will be numbered 0.
Effective Time Period of an IPv6 ACL
You can control when a rule can take effect by referencing a time range in the rule.
A referenced time range can be one that has not been created yet. The rule, however, can take effect
only after the time range is defined and becomes active.
IPv6 ACL Configuration
Configuring a Basic IPv6 ACL
Basic IPv6 ACLs match packets based on only source IPv6 address. They are numbered in the range
2000 to 2999.
z Configuration Prerequisites
If you want to reference a time range in a rule, define it with the time-range command first.
z Configuration Procedure
Follow these steps to configure an IPv6 ACL:
To do… Use the command… Remarks
Enter system view
system-view
––
Create a basic IPv6 ACL view and
enter its view
acl ipv6 number
acl6-number
[
name
acl6-name ] [
match-order
{
auto
|
config
} ]
Required
The default rule order is
config
.
If you specify a name for an IPv6
ACL when creating the ACL, you
can use the
acl
ipv6 name
acl6-name command to enter the
view of the ACL later.
Create or modify a rule
rule
[ rule-id ] {
deny
|
permit
}
[
counting
|
fragment
|
logging
|
source
{ ipv6-address
prefix-length |
ipv6-address/prefix-length
| any
} |
time-range
time-range-name ] *
Required
To create or modify multiple rules,
repeat this step.
Set the rule numbering step
step
step-value
Optional
5 by default
Configure a description for the
basic IPv6 ACL
description
text
Optional
By default, a basic IPv6 ACL has
no ACL description.
Configure a rule description
rule
rule-id
comment
text
Optional
By default, an IPv6 ACL rule has
no rule description.
Note that:
To Next Page
Loading...
Need help?
General