8
2. Create an IPv6 advanced
ACL and enter its view.
acl ipv6 advanced
{ acl-number |
name
acl-name } [
match-order
{
auto
|
config
} ]
By default, no ACL exists.
The value range for a numbered
IPv6 advanced ACL is 3000 to
3999.
Use the
acl ipv6 advanced
acl-number command to enter the
view of a numbered IPv6
advanced ACL.
Use the
acl
ipv6 advanced
name
acl-name command to
enter the view of a named IPv6
advanced ACL.
3. (Optional.) Configure a
description for the IPv6
advanced ACL.
description
text
By default, an IPv6 advanced
ACL does not have a description.
4. (Optional.) Set the rule
numbering step.
step
step-value
By default, the rule numbering
step is 5 and the start rule ID is 0.
5. Create or edit a rule.
rule
[ rule-id ] {
deny
|
permit
}
protocol [ { {
ack
ack-value |
fin
fin-value |
psh
psh-value |
rst
rst-value |
syn
syn-value |
urg
urg-value } * |
established
} |
destination
{ dest-address
dest-prefix |
dest-address/dest-prefix |
any
} |
destination-port
operator port1
[ port2 ] |
dscp
dscp |
flow-label
flow-label-value |
fragment
|
icmp6-type
{ icmp6-type
icmp6-code | icmp6-message } |
routing
[
type
routing-type ] |
hop-by-hop
[
type
hop-type ] |
source
{ source-address
source-prefix |
source-address/source-prefix
|
any
} |
source-port
operator
port1 [ port2 ] |
time-range
time-range-name ] *
By default, IPv6 advanced ACL
does not contain any rules.
6. (Optional.) Add or edit a rule
comment.
rule
rule-id
comment
text
By default, no rule comment is
configured.
Configuring a Layer 2 ACL
Layer 2 ACLs, also called "Ethernet frame header ACLs," match packets based on Layer 2 Ethernet
header fields, such as:
• Source MAC address.
• Destination MAC address.
• 802.1p priority (VLAN priority).
• Link layer protocol type.
To configure a Layer 2 ACL:
To Next Page
Loading...
