Configuring an ipv6 basic acl – H3C Technologies H3C S7500E Series Switches User Manual

1-8

z

You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an

existing rule in the ACL.

z

When the ACL match order is auto, a newly created rule will be inserted among the existing rules

in the depth-first match order. Note that the IDs of the rules still remain the same.

You can modify the match order of an ACL with the acl number acl-number [ name acl-name ]

match-order { auto | config } command but only when it does not contain any rules.

Configuring an IPv6 basic ACL

Follow these steps to configure an IPv6 basic ACL:

To do…

Use the command…

Remarks

Enter system view

system-view

––

Create an IPv6 basic ACL view

and enter its view

acl ipv6 number acl6-number

[ name acl6-name ] [ match-order

{ auto | config } ]

Required

By default, no ACL exists.

IPv6 basic ACLs are numbered in

the range 2000 to 2999.

You can use the acl ipv6 name

acl6-name command to enter the

view of an existing named IPv6

ACL.

Configure a description for the

IPv6 basic ACL

description text

Optional

By default, an IPv6 basic ACL has

no ACL description.

Set the rule numbering step

step step-value

Optional

5 by default

Create or edit a rule

rule [ rule-id ] { deny | permit }

[ fragment | logging | source

{ ipv6-address prefix-length |

ipv6-address/prefix-length | any } |

time-range time-range-name ]*

Required

By default, an IPv6 basic ACL

does not contain any rule.

To create or edit multiple rules,

repeat this step.

Note that the logging and

fragment keywords are not

supported if the ACL is to be

referenced by a QoS policy for

traffic classification.