1-10
Configuration prerequisites
z To configure a time range-based IPv6 ACL rule, you need to create the corresponding time range
first. For information about time range configuration, refer to section
Configuring Time Range.
z The settings to be specified in the rule are determined.
Configuration procedure
Table 1-5 Define an IPv6 ACL rule
Operation Command Description
Enter system view
system-view
—
Configure an IPv6 ACL
template
ipv6-acl-template { dscp |
ip-protocol | src-ip | dest-ip |
src-port | dest-port |
icmpv6-type | icmpv6-code } *
Required
By default, no IPv6 ACL
template is configured.
To specify the src-port,
dest-port, icmpv6-type or
icmpv6-code keyword in the
command, you need to specify
the ip-protocol keyword at
first.
Create an IPv6 ACL and enter
IPv6 ACL view
acl number acl-number
Required
Define an ACL rule
rule [ rule-id ] { permit | deny }
[ dscp rule-string rule-mask ]
[ ip-protocol rule-string
rule-mask ] [ src-ip
ipv6-address prefix-length ]
[ dest-ip ipv6-address
prefix-length ] [ [ src-port
rule-string rule-mask |
dest-port rule-string
rule-mask ] * | [ icmpv6-type
rule-string rule-mask |
icmpv6-code rule-string
rule-mask ] * ] [ time-range
time-name ]
Required
To specify the src-port or
dest-port keyword in the
command, you need to specify
the ip-protocol rule-string
rule-mask combination as TCP
or UDP, that is, 0x06 or 0x11.
To specify the icmpv6-type or
icmpv6-code keyword, you
need to specify the ip-protocol
rule-string rule-mask
combination as ICMPv6, that is,
0x3a.
Assign a description string to
the ACL rule
rule rule-id comment text
Optional
No description by default
Assign a description string to
the ACL
description text
Optional
No description by default
Note that:
z You can modify any existent rule of an IPv6 ACL. If you modify only the action to be taken or the
time range, the unmodified part of the rule remains the same. If you modify the contents of a
user-defined string, the new string overwrites the original one.
z If you do not specify the rule-id argument when creating an ACL rule, the rule will be numbered
automatically. If the ACL has no rules, the rule is numbered 0; otherwise, the number of the rule will
be the greatest rule number plus one. If the current greatest rule number is 65534, however, the
system will display an error message and you need to specify a number for the rule.
z The content of a modified or created rule cannot be identical with that of any existing rule of the
ACL; otherwise the rule modification or creation will fail, and the system will prompt that the rule
already exists.
To Next Page
Loading...
Need help?
General