Depth-first match for an advanced ipv6 acl, Ipv6 acl step, Effective period of an ipv6 acl – H3C Technologies H3C WX6000 Series Access Controllers User Manual
Page 408: 6 effective period of an ipv6 acl
40-6
Depth-first match for an advanced IPv6 ACL
The following shows how your switch performs depth-first match in an advanced IPv6 ACL:
1) Sort rules by protocol range first, and compare packets against the rule with the protocol carried on
IPv6 specified prior to other rules.
2) If two rules are present with the same protocol range, look at source IPv6 address wildcard in
addition. Then, compare packets against the rule configured with a larger prefix length in the
source IPv6 address wildcard prior to the other.
3) If the prefix lengths in the source IPv6 address wildcards are the same, look at the destination IPv6
address wildcards. Then, compare packets against the rule configured with a larger prefix length in
the destination IPv6 address wildcard prior to the other.
4) If the prefix lengths in the destination IPv6 address wildcards are the same, look at the Layer 4 port
number (TCP/UDP port number). Then compare packets against the rule configured with the lower
port number prior to the other.
5) If the port numbers are the same, compare packets against the rule configured first prior to the
other.
The comparison of a packet against an ACL stops once a match is found. The packet is then processed
as per the rule.
IPv6 ACL Step
.
Effective Period of an IPv6 ACL
Effective Period of an IPv4 ACL