Ipv6 acl configuration example, Network requirements, Configuration procedure – H3C Technologies H3C SR8800 User Manual

16

IPv6 ACL configuration example

Network requirements

Perform packet filtering in the inbound direction of interface GigabitEthernet 2/1/1 to deny all IPv6

packets but those with source addresses in the range 4050::9000 to 4050::90FF.

Configuration procedure

1.

Create ACLs:
# Create an IPv6 ACL 2000.

<Sysname> system-view

[Sysname] acl ipv6 number 2000

[Sysname-acl6-basic-2000] rule permit source 4050::9000/120

# Create an IPv6 ACL 2100.

[Sysname] acl ipv6 number 2100

[Sysname-acl6-basic-2100] rule permit source any

[Sysname-acl6-basic-2000] quit

2.

Apply the ACL:
# Configure traffic classification.

[Sysname] traffic classifier c1

[Sysname-classifier-c1] if-match acl ipv6 2000

[Sysname-classifier-c1] quit

[Sysname] traffic classifier c2

[Sysname-classifier-c2] if-match acl ipv6 2100

[Sysname-classifier-c2] quit

3.

Configure traffic behaviors:
# Configure traffic behavior.

[Sysname] traffic behavior b1

[Sysname-behavior-b1] filter permit

[Sysname-behavior-b1] quit

[Sysname] traffic behavior b2

[Sysname-behavior-b2] filter deny

[Sysname-behavior-b2] quit

4.

Associate traffic classification rules and actions:
# Configure a QoS policy.

[Sysname] qos policy p1

[Sysname-qospolicy-p1] classifier c1 behavior b1

[Sysname-qospolicy-p1] classifier c2 behavior b2

[Sysname-qospolicy-p1] quit

5.

Apply the QoS policy:
# Apply QoS policy to the outbound direction of interface GigabitEthernet2/1/1.

[Sysname] interface GigabitEthernet 2/1/1

[Sysname-GigabitEthernet2/1/1] qos apply policy p1 outbound