Configuring an ipv6 basic acl, Configuring an advanced acl, Configuring an ipv4 advanced acl – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 15
6
Configuring an IPv6 basic ACL
Step
Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Create an IPv6 basic ACL
view and enter its view.
acl ipv6 number acl6-number
[ name acl6-name ] [ match-order
{ auto | config } ]
By default, no ACL exists.
IPv6 basic ACLs are numbered in
the range 2000 to 2999.
You can use the acl ipv6 name
acl6-name command to enter the
view of a named IPv6 ACL.
3.
Configure a description for
the IPv6 basic ACL.
description text
Optional.
By default, an IPv6 basic ACL has
no ACL description.
4.
Set the rule numbering step.
step step-value
Optional.
5 by default
5.
Create or edit a rule.
rule [ rule-id ] { deny | permit }
[ counting | source { ipv6-address
prefix-length |
ipv6-address/prefix-length | any }
| time-range time-range-name ] *
By default, an IPv6 basic ACL does
not contain any rule.
To create or edit multiple rules,
repeat this step.
6.
Configure or edit a rule
description.
rule rule-id comment text
Optional.
By default, an IPv6 basic ACL rule
has no rule description.
Configuring an advanced ACL
Configuring an IPv4 advanced ACL
IPv4 advanced ACLs match packets based on source and destination IP addresses, protocols over IP, and
other protocol header information, such as TCP/UDP source and destination port numbers, TCP flags,
ICMP message types, and ICMP message codes.
IPv4 advanced ACLs also allow you to filter packets based on these priority criteria: type of service (ToS),
IP precedence, and differentiated services codepoint (DSCP) priority.
Compared to IPv4 basic ACLs, IPv4 advanced ACLs allow more flexible and accurate filtering.
To configure an IPv4 advanced ACL:
Step
Command
Remarks
1.
Enter system view.
system-view
N/A