Configuring an ipv6 basic acl – H3C Technologies H3C S12500 Series Switches User Manual
Page 15
6
Step
Command
Remarks
6.
Add or edit a rule comment.
rule rule-id comment text
Optional.
By default, an IPv4 ACL rule has no
rule description.
7.
Add or edit a rule range
remark.
rule [ rule-id ] remark text
Optional.
By default, no rule range remarks
are configured.
8.
Enable rule match counting
for the IPv4 basic ACL.
hardware-count enable
Optional.
By default, rule match counting is
disabled.
Configuring an IPv6 basic ACL
Step
Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enable the 80-byte ACL rule
match mode.
acl ipv6 enable
The default setting is 40 bytes on
an EC1 or EF card.
This command is valid only for an
EC1 or EF card. To support
user-defined, IPv6 basic, and IPv6
advanced ACLs on an EC1 or EF
card, you must configure this
command first.
3.
Create an IPv6 basic ACL
view and enter its view.
acl ipv6 number acl6-number
[ name acl6-name ] [ match-order
{ auto | config } ]
By default, no ACL exists.
IPv6 basic ACLs are numbered in
the range 2000 to 2999.
You can use the acl ipv6 name
acl6-name command to enter the
view of a named IPv6 ACL.
4.
Configure a description for
the IPv6 basic ACL.
description text
Optional.
By default, an IPv6 basic ACL has
no ACL description.
5.
Set the rule numbering step.
step step-value
Optional.
The default setting is 5.
6.
Create or edit a rule.
rule [ rule-id ] { deny | permit }
[ counting | fragment | logging |
source { ipv6-address prefix-length
| ipv6-address/prefix-length |
any } | time-range
time-range-name | vpn-instance
vpn-instance-name ] *
By default, an IPv6 basic ACL does
not contain any rule.
The logging keyword supports only
the packet filter function.
The vpn-instance keyword is not
supported in the current software
version, and is reserved for future
support.
7.
Add or edit a rule comment.
rule rule-id comment text
Optional.
By default, an IPv6 basic ACL rule
has no rule description.