Configuring an ipv6 basic acl, Configuring an ipv4 advanced acl, Configuring an advanced acl – H3C Technologies H3C S10500 Series Switches User Manual

Page 14

Advertising
background image

6

Configuring an IPv6 basic ACL

Follow these steps to configure an IPv6 basic ACL:

To do…

Use the command…

Remarks

Enter system view

system-view

––

Create an IPv6 basic
ACL view and enter its

view

acl ipv6 number
acl6-number [ name

acl6-name ] [ match-order

{ auto | config } ]

Required
By default, no ACL exists.
IPv6 basic ACLs are numbered in the range of 2000
to 2999.
You can use the acl ipv6 name acl6-name command
to enter the view of a named IPv6 ACL.

Configure a description
for the IPv6 basic ACL

description text

Optional
By default, an IPv6 basic ACL has no ACL
description.

Set the rule numbering
step

step step-value

Optional
5 by default

Create or edit a rule

rule [ rule-id ] { deny |
permit } [ counting |

fragment | logging |

routing [ type routing-type ]
| source { ipv6-address

prefix-length |

ipv6-address/prefix-length

| any } | time-range
time-range-name |

vpn-instance

vpn-instance-name ] *

Required
By default, an IPv6 basic ACL does not contain any
rule.
If the ACL is for QoS traffic classification or packet
filtering, do not specify the fragment, routing, and

vpn-instance keywords. The keywords can cause ACL

application failure.
The logging and counting keywords (even if
specified) do not take effect for QoS.

Add or edit a rule
comment

rule rule-id comment text

Optional
By default, an IPv6 basic ACL rule has no rule
description.

Add or edit a rule range
remark

rule [ rule-id ] remark text

Optional
By default, no rule range remarks are configured.

Enable counting ACL
rule matches performed
in hardware

hardware-count enable

Optional
Disabled by default.
When the ACL is referenced by a QoS policy, this

command does not take effect.

Configuring an advanced ACL

Configuring an IPv4 advanced ACL

IPv4 advanced ACLs match packets based on source IP addresses, destination IP addresses, packet

priorities, protocols over IP, and other protocol header information, such as TCP/UDP source and

destination port numbers, TCP flags, ICMP message types, and ICMP message codes.
Compared to IPv4 basic ACLs, IPv4 advanced ACLs allow more flexible and accurate filtering.
Follow these steps to configure an IPv4 advanced ACL:

Advertising
This manual is related to the following products:

H3C S5800 Series Switches, H3C S5820X Series Switches

Popular Brands
Popular manuals