31
vpn-instance vpn-instance-name: Applies the rule to an MPLS L3VPN instance. The
vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If you do not specify a
VPN instance, the rule applies to both non-VPN packets and VPN packets.
Usage guidelines
Within an ACL, the permit or deny statement of each rule must be unique. If the rule you are creating
or editing has the same deny or permit statement as another rule in the ACL, the rule will not be
created or changed.
You can edit ACL rules only when the match order is config.
To view the existing IPv6 basic and advanced ACL rules, use the display acl ipv6 all command.
The rule ID is required in the undo rule rule-id command.
If you do not specify optional parameters, the undo rule rule-id command deletes the entire rule. If
you specify optional parameters, the undo rule rule-id command deletes the specified attributes.
The undo rule { deny | permit } command can only be used to delete the entire rule. You must
specify all the attributes of the rule for the command.
The counting keyword in this command enables match counting specific to rules, and the
hardware-count keyword in the packet-filter ipv6 command enables match counting for all rules in
an ACL.
Examples
# Create an IPv6 basic ACL rule to deny the packets from any source IP subnet but 1001::/16,
3124:1123::/32, or FE80:5060:1001::/48.
<Sysname> system-view
[Sysname] acl ipv6 basic 2000
[Sysname-acl-ipv6-basic-2000] rule permit source 1001:: 16
[Sysname-acl-ipv6-basic-2000] rule permit source 3124:1123:: 32
[Sysname-acl-ipv6-basic-2000] rule permit source fe80:5060:1001:: 48
[Sysname-acl-ipv6-basic-2000] rule deny source any
Related commands
acl
acl logging interval
display acl
step
time-range
rule (Layer 2 ACL view)
Use rule to create or edit a Layer 2 ACL rule.
Use undo rule to delete an entire Layer 2 ACL rule or some attributes in the rule.
Syntax
rule [ rule-id ] { deny | permit } [ cos dot1p | counting | dest-mac dest-address dest-mask | { lsap
lsap-type lsap-type-mask | type protocol-type protocol-type-mask } | source-mac source-address
source-mask | time-range time-range-name ] *
undo rule rule-id [ counting | time-range ] *
undo rule { deny | permit } [ cos dot1p | counting | dest-mac dest-address dest-mask | { lsap
lsap-type lsap-type-mask | type protocol-type protocol-type-mask } | source-mac source-address
source-mask | time-range time-range-name ] *
To Next Page
Loading...
