Configuring an ipv6 advanced acl – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 16
7
Step
Command
Remarks
2.
Create an IPv4 advanced
ACL and enter its view.
acl number acl-number [ name
acl-name ] [ match-order { auto |
config } ]
By default, no ACL exists.
IPv4 advanced ACLs are
numbered in the range 3000 to
3999.
You can use the acl name acl-name
command to enter the view of a
named IPv4 ACL.
3.
Configure a description for
the IPv4 advanced ACL.
description text
Optional.
By default, an IPv4 advanced ACL
has no ACL description.
4.
Set the rule numbering step.
step step-value
Optional.
5 by default.
5.
Create or edit a rule.
rule [ rule-id ] { deny | permit }
protocol [ { { ack ack-value | fin
fin-value | psh psh-value | rst
rst-value | syn syn-value | urg
urg-value } * | established } |
counting | destination { dest-addr
dest-wildcard | any } |
destination-port operator port1
[ port2 ] | dscp dscp | icmp-type
{ icmp-type [ icmp-code ] |
icmp-message } | precedence
precedence | reflective | source
{ sour-addr sour-wildcard | any } |
source-port operator port1 [ port2 ]
| time-range time-range-name |
tos tos ] *
By default, an IPv4 advanced ACL
does not contain any rule.
To create or edit multiple rules,
repeat this step.
6.
Configure or edit a rule
description.
rule rule-id comment text
Optional.
By default, an IPv4 advanced ACL
rule has no rule description.
Configuring an IPv6 advanced ACL
IPv6 advanced ACLs match packets based on the source IPv6 address, destination IPv6 address,
protocol carried over IPv6, and other protocol header fields such as the TCP/UDP source port number,
TCP/UDP destination port number, ICMP message type, and ICMP message code.
Compared to IPv6 basic ACLs, IPv6 advanced ACLs allow more flexible and accurate filtering.
To configure an IPv6 advanced ACL:
Step
Command
Remarks
1.
Enter system view.
system-view
N/A