H3C Technologies H3C S10500 Series Switches User Manual


Compared to IPv6 basic ACLs, IPv6 advanced ACLs allow more flexible and accurate filtering.
Follow these steps to configure an IPv6 advanced ACL:

To do: Enter system view
Use the command: system-view
Remarks: ––

To do: Create an IPv6 advanced ACL and enter its view
Use the command: acl ipv6 number acl6-number [ name acl6-name ] [ match-order { auto | config } ]
Remarks: Required
By default, no ACL exists.
IPv6 advanced ACLs are numbered in the range of 3000 to 3999.
You can use the acl ipv6 name acl6-name command to enter the view of a named IPv6 ACL.

To do: Configure a description for the IPv6 advanced ACL
Use the command: description text
Remarks: Optional
By default, an IPv6 advanced ACL has no ACL description.

To do: Set the rule numbering step
Use the command: step step-value
Remarks: Optional
5 by default.

To do: Create or edit a rule
Use the command: rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest dest-prefix | dest/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp | flow-label flow-label-value | fragment | icmp6-type { icmp6-type icmp6-code | icmp6-message } | logging | routing [ type routing-type ] | source { source source-prefix | source/source-prefix | any } | source-port operator port1 [ port2 ] | time-range time-range-name | vpn-instance vpn-instance-name ] *
Remarks: Required
By default IPv6 advanced ACL does not contain any rule.
If an IPv6 advanced ACL is for QoS traffic classification or packet filtering:
- Do not specify the fragment, routing or vpn-instance keyword, or specify neq for the operator argument.
- Do not specify the flow-label keyword, or specify gt, lt, or range for the operator argument if the ACL is for outbound QoS traffic classification or outbound packet filtering.
- The logging and counting keywords (even if specified) do not take effect for QoS traffic classification.

To do: Add or edit a rule comment
Use the command: rule rule-id comment text
Remarks: Optional
By default, an IPv6 advanced ACL rule has no rule description.

To do: Add or edit a rule range remark
Use the command: rule [ rule-id ] remark text
Remarks: Optional
By default, no rule range remarks are configured.

To do: Enable counting ACL rule matches performed in hardware
Use the command: hardware-count enable
Remarks: Optional
Disabled by default.
When the ACL is referenced by a QoS policy, this command does not take effect.
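
The keyword restrictions listed in the Remarks for the rule command can be checked before an ACL is bound to a QoS policy or a packet filter. The Python below is an added example, not part of the H3C manual: the function name lint_rule, the usage and direction labels, and the sample rule lines are assumptions made for illustration, and free-text lines (comment, remark, description) are out of scope.

```python
# Added example: lint H3C IPv6 advanced ACL rule lines against the manual's
# restrictions for ACLs used in QoS traffic classification or packet filtering.
# lint_rule, the usage/direction labels and the sample rules are assumptions.

ALWAYS_BANNED = {"fragment", "routing", "vpn-instance"}
OUTBOUND_BANNED_OPS = {"gt", "lt", "range"}
PORT_KEYWORDS = {"source-port", "destination-port"}
NAME_ARGS = {"time-range", "vpn-instance"}  # next token is a user-chosen name


def lint_rule(rule, usage, direction):
    """Return a list of findings for one rule line.

    usage: "qos" or "packet-filter"; direction: "inbound" or "outbound".
    """
    tokens = rule.split()
    findings = []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        nxt = tokens[i + 1] if i + 1 < len(tokens) else None
        if tok in ALWAYS_BANNED:
            findings.append(f"{tok}: do not specify for QoS classification or packet filtering")
        elif tok == "flow-label" and direction == "outbound":
            findings.append("flow-label: do not specify for outbound use")
        elif tok in PORT_KEYWORDS and nxt == "neq":
            findings.append(f"{tok} neq: operator neq is not allowed")
        elif tok in PORT_KEYWORDS and nxt in OUTBOUND_BANNED_OPS and direction == "outbound":
            findings.append(f"{tok} {nxt}: operator not allowed for outbound use")
        elif tok in ("logging", "counting") and usage == "qos":
            findings.append(f"{tok}: has no effect for QoS traffic classification")
        # Skip the operand so a name such as "fragment" is not read as a keyword.
        i += 2 if tok in NAME_ARGS else 1
    return findings


# Constructed sample rules (2001:db8::/32 is the IPv6 documentation prefix).
SAMPLES = [
    "rule 0 permit tcp source 2001:db8:1::/64 destination any destination-port eq 443 logging",
    "rule 5 deny udp source any destination-port range 1024 2048 fragment",
    "rule 10 permit tcp source-port neq 22 time-range fragment",
]

if __name__ == "__main__":
    for rule in SAMPLES:
        for direction in ("inbound", "outbound"):
            print(direction, "|", rule, "|", lint_rule(rule, "packet-filter", direction))
```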
