Configuring an IPv6 advanced ACL – H3C Technologies H3C S7500E Series Switches User Manual


• You can only modify the existing rules of an ACL that uses the match order of config. When modifying a rule of such an ACL, you may choose to change just some of the settings, in which case the other settings remain the same.

• You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an existing rule in the ACL.

• When the ACL match order is auto, a newly created rule will be inserted among the existing rules in the depth-first match order. Note that the IDs of the rules still remain the same.

You can modify the match order of an ACL with the acl number acl-number [ name acl-name ] match-order { auto | config } command, but only when it does not contain any rules.

Configuring an IPv6 Advanced ACL

IPv6 advanced ACLs match packets based on the source IPv6 address, destination IPv6 address, protocol carried over IPv6, and other protocol header fields such as the TCP/UDP source port number, TCP/UDP destination port number, ICMP message type, and ICMP message code.

Compared with IPv6 basic ACLs, they allow more flexible and accurate filtering.

Follow these steps to configure an IPv6 advanced ACL:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | –– |
| Create an IPv6 advanced ACL and enter its view | acl ipv6 number acl6-number [ name acl6-name ] [ match-order { auto \| config } ] | Required. By default, no ACL exists. IPv6 advanced ACLs are numbered in the range 3000 to 3999. You can use the acl ipv6 name acl6-name command to enter the view of an existing named IPv6 ACL. |
| Configure a description for the IPv6 advanced ACL | description text | Optional. By default, an IPv6 advanced ACL has no ACL description. |
| Set the rule numbering step | step step-value | Optional. 5 by default. |
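
An added example, not from the H3C manual: a short Python audit that reads configuration text written with the commands in the table above and reports, for each IPv6 advanced ACL, its name, match order, description and step, then flags ACLs with no description or with match order auto. The sample configuration is constructed, and the layout (one command per line, ACL-view commands indented) is an assumption; a match order of None means the option was not given on the acl ipv6 number line.

```python
import re

# Constructed sample (not captured from a switch). Assumption: one command per
# line, with ACL-view commands indented under the "acl ipv6 number" line.
SAMPLE_CONFIG = """\
acl ipv6 number 3000 name EDGE-IN match-order auto
 description Inbound filter for edge ports
 step 10
acl ipv6 number 3001
acl ipv6 number 4000 name L2-FILTER
 description outside the advanced range
"""

ACL_RE = re.compile(r"^acl ipv6 number (\d+)(?: name (\S+))?"
                    r"(?: match-order (auto|config))?\s*$")
ADVANCED_RANGE = range(3000, 4000)  # 3000 to 3999, per the Remarks column
DEFAULT_STEP = 5                    # "5 by default"

def parse_ipv6_advanced_acls(text):
    """Return {acl_number: settings} for IPv6 ACLs numbered 3000 to 3999."""
    acls, current = {}, None
    for line in text.splitlines():
        m = ACL_RE.match(line)
        if m:
            num, name, order = int(m.group(1)), m.group(2), m.group(3)
            current = None  # ignore sub-commands of ACLs outside the range
            if num in ADVANCED_RANGE:
                current = acls[num] = {"name": name, "match_order": order,
                                       "description": None, "step": DEFAULT_STEP}
        elif not line.startswith(" "):
            current = None  # left the ACL view
        elif current is not None:
            key, _, value = line.strip().partition(" ")
            if key == "description" and value:
                current["description"] = value
            elif key == "step" and value.isdigit():
                current["step"] = int(value)
    return acls

def audit(acls):
    """List (acl_number, finding) pairs worth a reviewer's attention."""
    findings = []
    for num, acl in sorted(acls.items()):
        if acl["description"] is None:
            findings.append((num, "no description"))
        if acl["match_order"] == "auto":
            findings.append((num, "match-order auto: match order can differ from rule ID order"))
    return findings
```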
