Applying an ipv6 acl for packet filtering – H3C Technologies H3C S12500 Series Switches User Manual
Page 24
15
Applying an IPv6 ACL for packet filtering
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter interface view.
interface interface-type
interface-number
N/A
3.
Apply an IPv6 basic or IPv6
advanced ACL to the interface
to filter IPv6 packets.
packet-filter ipv6 { acl6-number |
name acl6-name } { inbound |
outbound }
By default, no IPv6 ACL is applied
to the interface.
On a VLAN interface, an inbound
packet filter handles only Layer 3
unicast packets and an outbound
packet filter handles all packets.
On an Ethernet interface, the
packet filter handles all packets.
Avoid the case that multiple users
configure the packet-filter ipv6
command at the same time.
Otherwise, the configuration might
fail.
When EB or EC2 cards are
operating in standard ACL mode,
the interfaces on these cards do not
support applying IPv6 ACLs to filter
packets.
4.
Exit to system view.
quit
N/A
5.
Set the interval for generating
and outputting IPv6 packet
filtering logs.
acl ipv6 logging frequence
frequence
The default interval is 0. No IPv6
packet filtering logs are generated.
The rule you add to an ACL that has been used by a packet filter cannot take effect if hardware resources
are insufficient or the packet filter does not support the rule. Such rules are marked as uncompleted in the
output from the display acl ipv6 { acl-number | all | name acl-name } slot slot-number command. To
successfully apply the rule, you must delete the rule and reconfigure it when hardware resources are
sufficient.
Follow these guidelines when you configure a packet filter on a VLAN interface:
•
Use the undo packet-filter ipv6 command to remove the packet filter from the VLAN interface if the
ACL application fails on an interface card, for example, because of hardware resource insufficiency.
The switch applies the packet filter configured on a VLAN interface to the main processing unit and
all interface cards. When an application failure occurs on an interface card, the switch cannot
automatically remove the ACL that has been applied to the main processing unit or any other
interface card.
•
You must also use the undo packet-filter ipv6 to remove the packet filter if the switch fails to update
the packet filter on an interface card after you edit the ACL rules. If you do not remove the packet
filter, the old ACL rules continue to take effect and the display packet-filter ipv6 command shows the
initial ACL application status.