6
2. Create an IPv6 basic ACL
view and enter its view.
acl ipv6 basic
{ acl-number |
name
acl-name } [
match-order
{
auto
|
config
} ]
By default, no ACL exists.
The value range for a numbered
IPv6 basic ACL is 2000 to 2999.
Use the
acl ipv6 basic
acl-number command to enter the
view of a numbered IPv6 basic
ACL.
Use the
acl
ipv6
basic
name
acl-name command to enter the
view of a named IPv6 basic ACL.
3. (Optional.) Configure a
description for the IPv6 basic
ACL.
description
text
By default, an IPv6 basic ACL
does not have a description.
4. (Optional.) Set the rule
numbering step.
step
step-value
By default, the rule numbering
step is 5 and the start rule ID is 0.
5. Create or edit a rule.
rule
[ rule-id ] {
deny
|
permit
}
[
fragment
|
routing
[
type
routing-type ] |
source
{ source-address source-prefix |
source-address/source-prefix |
any
} |
time-range
time-range-name ] *
By default, an IPv6 basic ACL
does not contain any rules.
6. (Optional.) Add or edit a rule
comment.
rule
rule-id
comment
text
By default, no rule comment is
configured.
Configuring an advanced ACL
This section describes procedures for configuring IPv4 and IPv6 advanced ACLs.
Configuring an IPv4 advanced ACL
IPv4 advanced ACLs match packets based on the following criteria:
• Source IP addresses.
• Destination IP addresses.
• Packet priorities.
• Protocol numbers.
• Other protocol header information, such as TCP/UDP source and destination port numbers,
TCP flags, ICMP message types, and ICMP message codes.
Compared to IPv4 basic ACLs, IPv4 advanced ACLs allow more flexible and accurate filtering.
To configure an IPv4 advanced ACL:
1. Enter system view.
system-view
N/A
To Next Page
Loading...
