H3C S3100 Series Command Manual page 346

View
Basic IPv6 ACL view
Default Level
2: System level
Parameters
rule-id: IPv6 ACL rule number, in the range 0 to 65534.
deny: Drops matched packets.
permit: Allows matched packets to pass.
counting: Counts the matches of the IPv6 ACL rule.
fragment: Indicates that the rule applies to only non-first fragments. A rule without this keyword applies
to all fragments and non-fragments.
logging: Logs matched packets. This function requires that the module using the ACL support logging.
source { ipv6-address prefix-length | ipv6-address/prefix-length | any }: Specifies a source address.
The ipv6-address and prefix-length arguments specify a source IPv6 address and its address prefix
length in the range 1 to 128. The any keyword indicates any IPv6 source address.
time-range time-range-name: Specifies the time range in which the rule takes effect. The
time-range-name argument is a case insensitive string of 1 to 32 characters. It must start with an
English letter and cannot be named all to avoid confusion.
Description
Use the rule command to create a basic IPv6 ACL rule or modify an existing basic IPv6 ACL rule.
Use the undo rule command to remove a basic IPv6 ACL rule or remove some criteria from the rule.
If you specify no optional keywords, the undo rule command removes the entire ACL rule; otherwise,
the command removes only the specified criteria. Before performing the undo rule command, you may
need to use the display acl ipv6 command to view the ID of the rule.
When defining ACL rules, you do not need to assign them IDs; the system can automatically assign rule
IDs starting with 0 and increasing in certain rule numbering steps. A rule ID thus assigned is the smallest
multiple of the step that is bigger than the current biggest number. For example, if the rule numbering
step is 5 and the current highest rule ID is 28, the next rule will be numbered 30.
You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an existing
rule in the ACL.
You can only modify the existing rules of an ACL that uses the rule order of config. When modifying a
rule of such an ACL, you may choose to change just some of the settings, in which case the other
settings remain the same.
When the ACL rule order is auto, a newly created rule will be inserted among the existing rules in the
depth-first rule order. Note that the IDs of the rules still remain the same.
Related commands: display acl ipv6.
Examples
# Create IPv6 ACL 2000 and add two rules.
<Sysname> system-view
[Sysname] acl ipv6 number 2000
[Sysname-acl6-basic-2000] rule permit source 2030:5060::9050/64
4-7