Figure 11-4 Networking Diagram For Configuring Acl6 And Filtering Ipv6 Packets - Huawei Quidway S9300 Configuration Manual

Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
Networking Requirements
As shown in
need to configure an ACL6 rule on S9300-A to prevent the IPv6 packets with the source IP
address 3001::2 from entering GE 1/0/0 of S9300-A.

Figure 11-4 Networking diagram for configuring ACL6 and filtering IPv6 packets

S9300-A
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
Data Preparation
To complete the configuration, you need the following data:
l
l
l
l
Procedure
Step 1 Enable IPv6 forwarding capability on S9300-A and S9300-B, set the parameters for the
interfaces, and check the connectivity.
# Configure S9300-A.
<Quidway> system-view
[Quidway] sysname S9300-A
[S9300-A] ipv6
[S9300-A] interface gigabitethernet 1/0/0
[S9300-A-GigabitEthernet1/0/0] port link-type trunk
[S9300-A-GigabitEthernet1/0/0] port trunk allow-pass vlan 10
[S9300-A-GigabitEthernet1/0/0] quit
[S9300-A] interface vlanif 10
[S9300-A-Vlanif10] ipv6 enable
[S9300-A-Vlanif10] ipv6 address 3001::1 64
[S9300-A-Vlanif10] quit
# Configure a static route on S9300-A.
[S9300-A] ipv6 route-static 3002:: 64 3001::2
# Configure S9300-B.
Issue 06 (2010–01–08)
Figure 11-4, S9300-A and S9300-B are connected through GE interfaces. You
VLAN 10
GE1/0/0
3001::1/64
Set the number of the ACL6.
Configure the rules in the ACL6.
Define the classification, action, and policy to be performed on the packets.
ACL6 number
Source IPv6 address permitted by the ACL6 rule
Names of traffic classifier, traffic behavior, and traffic policy
Interface where the traffic policy is applied
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
S9300-B
GE1/0/0
3001::2/64
11 ACL Configuration
Loopback2
3002::2/64
11-23