Configuring an IPv6 advanced ACL – H3C Technologies H3C S10500 Series Switches User Manual

Page 15


To do: Enter system view
Use the command: system-view
Remarks: ––

To do: Create an IPv4 advanced ACL and enter its view
Use the command: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
Remarks: Required. By default, no ACL exists. IPv4 advanced ACLs are numbered in the range of 3000 to 3999. You can use the acl name acl-name command to enter the view of a named IPv4 ACL.

To do: Configure a description for the IPv4 advanced ACL
Use the command: description text
Remarks: Optional. By default, an IPv4 advanced ACL has no ACL description.

To do: Set the rule numbering step
Use the command: step step-value
Remarks: Optional. 5 by default.

To do: Create or edit a rule
Use the command: rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmp-type { icmp-type [ icmp-code ] | icmp-message } | logging | precedence precedence | source { sour-addr sour-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-range-name | tos tos | vpn-instance vpn-instance-name ] *
Remarks: Required. By default, an IPv4 advanced ACL does not contain any rule.
If an IPv4 advanced ACL is for QoS traffic classification or packet filtering:
  Do not specify the vpn-instance keyword or specify neq for the operator argument.
  Do not specify gt, lt, or range for the operator argument if the ACL is for outbound QoS traffic classification or outbound packet filtering.
  The logging and counting keywords (even if specified) do not take effect for QoS traffic classification.

To do: Add or edit a rule comment
Use the command: rule rule-id comment text
Remarks: Optional. By default, an IPv4 advanced ACL rule has no rule description.

To do: Add or edit a rule range remark
Use the command: rule [ rule-id ] remark text
Remarks: Optional. By default, no rule range remarks are configured.

To do: Enable counting ACL rule matches performed in hardware
Use the command: hardware-count enable
Remarks: Optional. Disabled by default. When the ACL is referenced by a QoS policy, this command does not take effect.
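
The restrictions in the remarks on rule creation above, expressed as a configuration check. This is an added example, not code from the H3C manual; the sample configuration, the function name lint_acl and its purpose and direction parameters are constructed for illustration.

```python
import re

# Constructed sample (not from the manual); addresses are documentation ranges.
SAMPLE_CONFIG = """\
acl number 3000 name WEB-IN
 description Constructed example
 step 5
 rule 0 permit tcp source 192.0.2.0 0.0.0.255 destination 198.51.100.10 0 destination-port eq 443
 rule 0 comment Allow HTTPS to the web server
 rule 5 deny tcp destination-port neq 443
 rule 10 deny udp destination-port range 135 139 logging
 rule 15 deny ip vpn-instance vpn1 counting
"""

RULE = re.compile(r"^rule(?:\s+(\d+))?\s+(permit|deny)\s+(\S+)(.*)$")
PORT_OP = re.compile(r"\b(?:source|destination)-port\s+(\S+)")


def lint_acl(config, purpose, direction):
    """purpose: "qos" or "packet-filter"; direction: "inbound" or "outbound" (hypothetical)."""
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        head = re.match(r"^acl number (\d+)", line)
        if head and not 3000 <= int(head.group(1)) <= 3999:
            findings.append((None, "ACL number outside 3000-3999"))
        m = RULE.match(line)
        if not m:
            continue  # description, step, comment and remark lines
        rule_id, rest = m.group(1), m.group(4)
        tokens = rest.split()
        ops = PORT_OP.findall(rest)  # operators used with source-port/destination-port
        if "vpn-instance" in tokens:
            findings.append((rule_id, "vpn-instance not allowed"))
        if "neq" in ops:
            findings.append((rule_id, "operator neq not allowed"))
        if direction == "outbound":
            for op in ops:
                if op in ("gt", "lt", "range"):
                    findings.append((rule_id, f"operator {op} not allowed outbound"))
        if purpose == "qos":
            for kw in ("logging", "counting"):
                if kw in tokens:
                    findings.append((rule_id, f"{kw} has no effect for QoS"))
    return findings
```

Run against SAMPLE_CONFIG, an inbound packet filter flags rules 5 and 15 only, while the same ACL used for outbound QoS classification also flags the range operator and the logging and counting keywords.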

Configuring an IPv6 advanced ACL

IPv6 advanced ACLs match packets based on the source IPv6 addresses, destination IPv6 addresses, packet priorities, protocols carried over IPv6, and other protocol header fields such as the TCP/UDP source port number, TCP/UDP destination port number, ICMPv6 message type, and ICMPv6 message code.
