H3C Technologies H3C S3100 Series Switches User Manual

Page 566

Advertising
background image

1-9

z

src-ip: Matches the source address field in IPv6 packets.

z

dest-ip: Matches the destination address field in IPv6 packets.

z

src-port: Matches the TCP/UDP source port field in IPv6 packets.

z

dest-port: Matches the TCP/UDP destination port field in IPv6 packets.

z

icmpv6-type: Matches the ICMPv6 message type field in IPv6 packets.

z

icmpv6-code: Matches the ICMPv6 message code field in IPv6 packets.

For information about the IPv6 packet format, refer to IPv6 Management Operation.

z

IPv6 ACLs do not match IPv6 packets with extension headers.

z

IPv6 ACL and VLAN mapping are mutually exclusive.

z

When IPv6 ACLs are applied, you cannot configure the switch to trust port priority.

Before applying an IPv6 ACL, be sure to configure an IPv6 ACL template to specify the fields to be

matched.

When configuring an IPv6 template, note that:

z

Only one IPv6 template is supported in the system. If you want to configure a new one, you need to

remove the existing one first.

z

To specify the src-port, dest-port, icmpv6-type or icmpv6-code keyword in the command, you

need to specify the ip-protocol keyword at first.

When configuring IPv6 ACL rules, note that:

z

The keywords specified for an IPv6 ACL rule must be consistent with or be a subnet of those

specified in the IPv6 ACL template. Otherwise, you cannot apply the IPv6 ACL.

z

To specify the src-port or dest-port keyword for a rule, you need to specify the ip-protocol

rule-string rule-mask combination as TCP or UDP, that is, 0x06 or 0x11. To specify the

icmpv6-type or icmpv6-code keyword for a rule, you need to specify the ip-protocol rule-string

rule-mask combination as ICMPv6, that is, 0x3a.

z

If both the src-ip and dest-ip keywords are configured, you can configure two more keywords

among dscp, ip-protocol, src-port, dest-port, icmpv6-type, and icmpv6-code. If either the

src-ip or dest-ip keyword is configured, you can configure any keywords among dscp,

ip-protocol, src-port, dest-port, icmpv6-type, and icmpv6-code.

Advertising
Popular Brands
Popular manuals